CVE-2020-12692

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

Configurations

Configuration 1

OR cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:16.0.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Information

Published : 2020-05-06 17:15

Updated : 2022-04-27 07:49


NVD link : CVE-2020-12692

Mitre link : CVE-2020-12692


CWE
CWE-347

Improper Verification of Cryptographic Signature

CWE-294

Authentication Bypass by Capture-replay

Products Affected

canonical

  • ubuntu_linux

openstack

  • keystone