OSSA-2012-018: EC2-style credentials invalidation issue


Date: November 28, 2012


  • Keystone: All versions


Vijaya Erukala reported a vulnerability in Keystone's invalidation of EC2-style credentials: when a user is removed from a tenant, EC2-style credentials already issued to that user continue to be valid for that tenant. An authenticated and authorized user could potentially leverage this vulnerability to extend their access beyond what the account owner expects. Only setups that enable EC2-style credentials (for example, by enabling the EC2 API in Nova) are affected.
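The following added example is a simplified model of the issue and is not Keystone code: it contrasts a credential check that only looks the access key up with one that also requires current tenant membership, and includes an audit helper that lists credentials left behind after a removal. The data structures, function names and sample keys are assumptions constructed for illustration, and signature verification is omitted.

```python
from typing import NamedTuple

class Ec2Credential(NamedTuple):
    access: str      # EC2-style access key id (constructed sample values below)
    user_id: str
    tenant_id: str

def is_member(memberships, user_id, tenant_id):
    """True if the user currently holds at least one role on the tenant."""
    return bool(memberships.get((user_id, tenant_id)))

def authorize_vulnerable(cred_store, memberships, access):
    """Behaviour described in the advisory: an existing credential is enough."""
    return access in cred_store

def authorize_checked(cred_store, memberships, access):
    """Also require that the owner is still a member of the credential's tenant."""
    cred = cred_store.get(access)
    return cred is not None and is_member(memberships, cred.user_id, cred.tenant_id)

def stale_credentials(cred_store, memberships):
    """Audit helper: access keys whose (user, tenant) pair has no role left."""
    return sorted(c.access for c in cred_store.values()
                  if not is_member(memberships, c.user_id, c.tenant_id))

# Constructed sample data: bob was issued keys for two tenants and has
# since been removed from tenant-a, but the tenant-a key was never deleted.
CREDS = {c.access: c for c in [
    Ec2Credential("AKEXAMPLE1", "alice", "tenant-a"),
    Ec2Credential("AKEXAMPLE2", "bob", "tenant-a"),
    Ec2Credential("AKEXAMPLE3", "bob", "tenant-b"),
]}
MEMBERSHIPS = {
    ("alice", "tenant-a"): {"Member"},
    ("bob", "tenant-b"): {"Member"},
}

if __name__ == "__main__":
    key = "AKEXAMPLE2"
    print("lookup only:      ", authorize_vulnerable(CREDS, MEMBERSHIPS, key))
    print("membership check: ", authorize_checked(CREDS, MEMBERSHIPS, key))
    print("keys to revoke:   ", stale_credentials(CREDS, MEMBERSHIPS))
```
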


  • Vijaya Erukala (CVE-2012-5571)