Vulnerability Details CVE-2013-2157
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://rhn.redhat.com/errata/RHSA-2013-0994.html
- http://rhn.redhat.com/errata/RHSA-2013-1083.html
- http://www.openwall.com/lists/oss-security/2013/06/13/3
- http://www.securityfocus.com/bid/60545
- http://rhn.redhat.com/errata/RHSA-2013-0994.html
- http://rhn.redhat.com/errata/RHSA-2013-1083.html
- http://www.openwall.com/lists/oss-security/2013/06/13/3
- http://www.securityfocus.com/bid/60545
Products affected by CVE-2013-2157
-
cpe:2.3:a:openstack:keystone:2012.2
-
cpe:2.3:a:openstack:keystone:2012.2.1
-
cpe:2.3:a:openstack:keystone:2012.2.2
-
cpe:2.3:a:openstack:keystone:2012.2.3
-
cpe:2.3:a:openstack:keystone:2012.2.4
-
cpe:2.3:a:openstack:keystone:2013.1
-
cpe:2.3:a:openstack:keystone:2013.1.1
-
cpe:2.3:a:openstack:keystone:2013.1.2
-
cpe:2.3:a:openstack:keystone:2013.2
-
cpe:2.3:a:openstack:keystone:2013.2.1
-
cpe:2.3:a:openstack:keystone:2013.2.2
-
cpe:2.3:a:openstack:keystone:2013.2.3
-
cpe:2.3:a:openstack:keystone:2013.2.4