CVE-2013-2157
Publication date 13 June 2013
Last updated 24 July 2024
Ubuntu priority
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
Status
Package | Ubuntu Release | Status |
---|---|---|
keystone | ||
Notes
seth-arnold
patches in Message-ID: <[email protected]>
jdstrand
12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 which is required to be exposed to this bug (ie anonymous binds fail without it) If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied then the patch for folsom will work with some light modifications.
Patch details
Package | Patch details |
---|---|
keystone |
References
Related Ubuntu Security Notices (USN)
- USN-1875-1
- OpenStack Keystone vulnerabilities
- 14 June 2013