OpenStack Keystone Vulnerabilities Fixed in Ubuntu 13.04 and Ubuntu 12.10

view full story

http://news.softpedia.com – On June 13, Canonical published details about OpenStack Keystone vulnerabilities for its Ubuntu 13.04 and Ubuntu 12.10 operating systems.According to Canonical, Keystone did not always properly verify expired PKI tokens or properly authenticate users.It has been discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default,... (read more) (IT news)