Authentication Weakness in keystone

Published: Aug 19, 2020
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-9xgp-hfw7-73rq" target="_blank" rel="noopener"> GHSA-9xgp-hfw7-73rq
Severity: Medium
Exploit:

There is an authentication weakness vulnerability in keystone before version 0.3.16. Due to a bug in the the default sign in functionality, incomplete email addresses could be matched. A correct password is still required to complete sign in.