NVD Vulnerability Detail

CVE-2012-3426

Summary	OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Publication Date	July 31, 2012, 7:45 p.m.
Registration Date	Jan. 28, 2021, 3 p.m.
Last Update	Nov. 21, 2024, 10:40 a.m.

CVSS2.0 : MEDIUM
Score	4.9
Vector	AV:N/AC:M/Au:S/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	単一
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openstack:essex::::::::
cpe:2.3:a:openstack:keystone:2012.1:::::::*
cpe:2.3:a:openstack:horizon:folsom-1:::::::*
cpe:2.3:a:openstack:keystone:2012.1.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
2	http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
3	http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355	Patch
4	http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355	Patch
5	http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626	Exploit Patch
6	http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626	Exploit Patch
7	http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
8	http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
9	http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
10	http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
11	http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de	Exploit Patch
12	http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de	Exploit Patch
13	http://secunia.com/advisories/50045
14	http://secunia.com/advisories/50045
15	http://secunia.com/advisories/50494
16	http://secunia.com/advisories/50494
17	http://www.openwall.com/lists/oss-security/2012/07/27/4	Patch
18	http://www.openwall.com/lists/oss-security/2012/07/27/4	Patch
19	http://www.ubuntu.com/usn/USN-1552-1
20	http://www.ubuntu.com/usn/USN-1552-1
21	https://bugs.launchpad.net/keystone/+bug/996595
22	https://bugs.launchpad.net/keystone/+bug/996595
23	https://bugs.launchpad.net/keystone/+bug/997194
24	https://bugs.launchpad.net/keystone/+bug/997194
25	https://bugs.launchpad.net/keystone/+bug/998185
26	https://bugs.launchpad.net/keystone/+bug/998185
27	https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz	Patch
28	https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

OpenStack Keystone における承認の制限を回避される脆弱性

Title	OpenStack Keystone における承認の制限を回避される脆弱性
Summary	OpenStack Folsom および Essex で使用される OpenStack Keystone は、トークンの有効期限切れに関する実装が適切でないため、承認の制限を回避される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、(1) トークンの連鎖 (chaining) を介して新しいトークンを生成される、(2) 無効なユーザアカウントに対するトークンの占有を利用される、または (3) 変更されたパスワードを持つアカウントに対するトークンの占有を利用されることで、承認の制限を回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 8, 2012, midnight
Registration Date	Aug. 1, 2012, 4:41 p.m.
Last Update	Sept. 14, 2012, 4:33 p.m.

Affected System

OpenStack

OpenStack Compute Folsom Folsom-1 未満

OpenStack Essex

Openstack Keystone 2012.1.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3426	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426
National Vulnerability Database (NVD)
2	CVE-2012-3426	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3426

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GitHub
1	Carrying over token expiry time when token chaining - 29e74e7	https://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
2	Carrying over token expiry time when token chaining - 375838c	https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
3	Invalidate user tokens when a user is disabled - 628149b	https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
4	Invalidate user tokens when a user is disabled - d960043	https://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
5	Invalidate user tokens when password is changed - a67b248	https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
6	Invalidate user tokens when password is changed - ea03d05	https://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
Launchpad
7	Following a password compromise and subsequent password change, tokens remain valid.	https://bugs.launchpad.net/keystone/+bug/996595
8	Once a token is created/distributed its expiry date can be circumvented	https://bugs.launchpad.net/keystone/+bug/998185
9	Tokens remain valid after a user account is disabled	https://bugs.launchpad.net/keystone/+bug/997194
Ubuntu Security Notice
10	USN-1552-1	http://www.ubuntu.com/usn/USN-1552-1/

Change Log

No	Changed Details	Date of change
0	[2012年07月31日] 掲載 [2012年09月14日] ベンダ情報：Ubuntu (USN-1552-1) を追加	Feb. 17, 2018, 10:37 a.m.