Credentials Management Errors

CVE-2014-0105

Severity Medium
Score 6/10

Summary

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

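  • Access Complexity: MEDIUM
  • Access Vector: NETWORK
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL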

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

Advisory Timeline

  • Published