CVE-2013-2157

Severity: 4.3 MEDIUM
EPSS: 0.3% (top 47.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 20
Latest update: May 14

Description

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: openstack/keystone 2013.1, 2013.1.3 (+2)
Debian: keystone < 2013.1.2-1 (+3)

Vulnerability Details (3)

GHSA
GHSA-w396-2gg4-mxgv: OpenStack Keystone Folsom, Grizzly before 2013 (2022-05-14)
OSV
CVE-2013-2157: OpenStack Keystone Folsom, Grizzly before 2013 (2013-08-20)
CVEList
CVE-2013-2157: OpenStack Keystone Folsom, Grizzly before 2013 (2013-08-20)

Vendor Advisories (3)

Ubuntu
OpenStack Keystone vulnerabilities (2013-06-14)
Red Hat
openstack-keystone: Authentication bypass when using LDAP backend (2013-06-13)
Debian
CVE-2013-2157: keystone - OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP ... (2013)

Community (3)

Bugzilla
CVE-2013-2157 openstack-keystone: Authentication bypass when using LDAP backend [epel-6] (2013-06-17)
Bugzilla
CVE-2013-2157 openstack-keystone: Authentication bypass when using LDAP backend [fedora-all] (2013-06-17)
Bugzilla
CVE-2013-2157 openstack-keystone: Authentication bypass when using LDAP backend (2013-06-07)
CVE-2013-2157 (MEDIUM CVSS 4.3) | OpenStack Keystone Folsom | cvebase.io