CVE-2014-2828

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

Published: Apr 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2828
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
openstack / keystone	2013.2.2	2013.2.2.x
openstack / keystone	2013.1.3	2013.1.3.x
openstack / keystone	2013.2.3	2013.2.3.x
openstack / keystone	2013.2.1	2013.2.1.x
openstack / keystone	2013.1.1	2013.1.1.x
openstack / keystone	2013.1.2	2013.1.2.x
openstack / keystone	2013.1	2013.1.x
openstack / keystone	2013.2	2013.2.x

http://rhn.redhat.com/errata/RHSA-2014-1688.html
http://www.openwall.com/lists/oss-security/2014/04/10/20
https://bugs.launchpad.net/keystone/+bug/1300274

Vulnerability Database

289,697

CVE-2014-2828