Vulnerability Description
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Keystone | >= 2012.2, <= 2012.2.4 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0994.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1083.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/06/13/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/60545Third Party AdvisoryVDB Entry
- http://rhn.redhat.com/errata/RHSA-2013-0994.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1083.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2013/06/13/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/60545Third Party AdvisoryVDB Entry
FAQ
What is CVE-2013-2157?
CVE-2013-2157 is a vulnerability with a CVSS score of 4.3 (MEDIUM). OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
How severe is CVE-2013-2157?
CVE-2013-2157 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2157?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Keystone.