CVE-2014-2828

CWE-287Improper AuthenticationCWE-20Improper Input ValidationCWE-400Uncontrolled Resource ConsumptionCWE-416Use After Free9 documents7 sources
Severity
7.8HIGH
EPSS
0.9%
top 24.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Keystone
Timeline
PublishedApr 15
Latest updateMay 17

Description

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

NVDopenstack/keystone8 versions+7
PyPIkeystone< 8.0.0a0
Debiankeystone< 2014.1-1+3

🔴Vulnerability Details

4
OSV
OpenStack Identity (Keystone) DoS through V3 API authentication chaining2022-05-17
GHSA
OpenStack Identity (Keystone) DoS through V3 API authentication chaining2022-05-17
OSV
CVE-2014-2828: The V3 API in OpenStack Identity (Keystone) 20132014-04-15
CVEList
CVE-2014-2828: The V3 API in OpenStack Identity (Keystone) 20132014-04-15

📋Vendor Advisories

2
Red Hat
openstack-keystone: denial of service via V3 API authentication chaining2014-03-31
Debian
CVE-2014-2828: keystone - The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse ...2014

💬Community

1
Bugzilla
CVE-2014-2828 openstack-keystone: denial of service via V3 API authentication chaining2014-04-10
CVE-2014-2828 (HIGH CVSS 7.8) | The V3 API in OpenStack Identity (K | cvebase.io