CVSSv3: 7.4

CVE-2021-3563

Published: 26/08/2022 Updated: 21/01/2024
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

A flaw was found in openstack-keystone. Only the first 72 characters of an application credential secret are actually verified, so an attacker only has to match that prefix, which bypasses some of the password complexity that administrators may be counting on. The root cause is that Keystone hashes these secrets with bcrypt, whose input is limited to 72 bytes; anything past that point is silently ignored (the limit is in bytes, so multibyte UTF-8 characters eat into it faster). The highest threat from this vulnerability is to data confidentiality and integrity.
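The following is an added example, not Keystone's code or anything from the advisory. It models the failure mode above: a verifier that drops every secret byte beyond bcrypt's 72-byte limit accepts any secret that shares the first 72 bytes, while a hardened verifier that pre-hashes the secret with SHA-256 before handing it to the length-limited hash does not. The truncating hash is a hashlib stand-in for bcrypt so the example runs offline; the secrets, salt and the 86-character length are constructed inputs (86 is the default secret length the bug report mentions).

```python
"""Model of the CVE-2021-3563 failure mode (added example, not Keystone code).

A verifier that silently discards secret bytes past bcrypt's 72-byte limit
is compared with one that pre-hashes the secret so every byte matters.
The "truncating hash" is a hashlib stand-in for bcrypt, chosen so the
example runs without the bcrypt package; real bcrypt truncates the same way.
"""
import base64
import hashlib
import hmac

BCRYPT_INPUT_LIMIT = 72  # bytes: bcrypt ignores any input past this point

# Constructed sample data, not taken from any real deployment.
SALT = b"constructed-salt-0001"
DEFAULT_LEN_SECRET = "A" * 72 + "B" * 14   # 86 chars, the default length the bug report cites
TAMPERED_SECRET = "A" * 72 + "X" * 14      # identical 72-byte prefix, different tail
MULTIBYTE_SECRET = "\u00e9" * 40           # 40 characters but 80 UTF-8 bytes


def ignored_tail_bytes(secret: str) -> int:
    """Number of bytes of `secret` that a 72-byte-limited hash never looks at."""
    return max(0, len(secret.encode("utf-8")) - BCRYPT_INPUT_LIMIT)


def truncating_hash(secret: str, salt: bytes = SALT) -> bytes:
    """Stand-in for bcrypt: only the first 72 bytes influence the digest."""
    head = secret.encode("utf-8")[:BCRYPT_INPUT_LIMIT]
    return hashlib.sha256(salt + head).digest()


def truncating_verify(secret: str, stored: bytes, salt: bytes = SALT) -> bool:
    """Vulnerable check: matches on the 72-byte prefix alone."""
    return hmac.compare_digest(truncating_hash(secret, salt), stored)


def prehash(secret: str) -> bytes:
    """Fold the whole secret into 44 base64 bytes, always under the limit."""
    return base64.b64encode(hashlib.sha256(secret.encode("utf-8")).digest())


def hardened_hash(secret: str, salt: bytes = SALT) -> bytes:
    """Pre-hash first, then feed the short fixed-length value to the limited hash."""
    return truncating_hash(prehash(secret).decode("ascii"), salt)


def hardened_verify(secret: str, stored: bytes, salt: bytes = SALT) -> bool:
    """Hardened check: a change anywhere in the secret changes the pre-hash."""
    return hmac.compare_digest(hardened_hash(secret, salt), stored)


def demo() -> dict:
    """Run both verifiers against the constructed secrets and report the outcomes."""
    stored_weak = truncating_hash(DEFAULT_LEN_SECRET)
    stored_hard = hardened_hash(DEFAULT_LEN_SECRET)
    return {
        "ignored_bytes_default": ignored_tail_bytes(DEFAULT_LEN_SECRET),
        "ignored_bytes_multibyte": ignored_tail_bytes(MULTIBYTE_SECRET),
        "weak_accepts_correct": truncating_verify(DEFAULT_LEN_SECRET, stored_weak),
        "weak_accepts_tampered": truncating_verify(TAMPERED_SECRET, stored_weak),
        "hardened_accepts_correct": hardened_verify(DEFAULT_LEN_SECRET, stored_hard),
        "hardened_accepts_tampered": hardened_verify(TAMPERED_SECRET, stored_hard),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the 86-character default secret losing its last 14 bytes, a 40-character accented secret losing 8, and the tampered secret being accepted by the truncating verifier but rejected by the pre-hashing one. Swapping `truncating_hash` for `bcrypt.hashpw`/`bcrypt.checkpw` from the `bcrypt` package reproduces the same prefix collision against the real algorithm; pre-hashing to a fixed short value is the standard way to keep bcrypt's limit from discarding entropy.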

Vulnerable Products

OpenStack Keystone
Debian Linux 10.0
Debian Linux 11.0
Red Hat OpenStack Platform 10.0
Red Hat OpenStack Platform 13.0
Red Hat OpenStack Platform 16.1
Red Hat OpenStack Platform 16.2

Vendor Advisories

Debian Bug report logs - #989998 keystone: CVE-2021-3563. Package: src:keystone; Maintainer for src:keystone is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 Jun 2021 13:51:02 UTC; Severity: important; Tags: security, upstream; Found in version ...
Keystone only verifies part of the secret: the first 72 characters. Additional complexity is ignored, giving users an inflated sense of security. The default length of a secret seems to be 86 characters. While brute forcing at this scale is out of reach for many attackers, the state of the art is constantly evolving ...