An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack keystone 16.0.0 |
||
openstack keystone |
||
canonical ubuntu linux 18.04 |