CVE-2013-2157: OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an…

medium4.3CVSS 3.1

AVNACMAuNCNIPAN

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

Affected

8 ranges

Vendor	Product	Version range	Fixed in
debian	keystone	< keystone 2013.1.2-1 (bookworm)	keystone 2013.1.2-1 (bookworm)
openstack	keystone	>= 0 < 2013.1.2-1	2013.1.2-1
openstack	keystone	>= 0 < 2013.1.2-1	2013.1.2-1
openstack	keystone	>= 0 < 2013.1.2-1	2013.1.2-1
openstack	keystone	>= 0 < 2013.1.2-1	2013.1.2-1
openstack	keystone	2012.2 – 2012.2.4	—
openstack	keystone	>= 2013.1 < 2013.1.3	2013.1.3
openstack	keystone	2013.2 – 2013.2.4	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N

osv4.3MEDIUM