OSSA-2014-013: Keystone DoS through V3 API authentication chaining

Date: April 10, 2014
CVE: CVE-2014-2828

Affects

  • Keystone: TODO

Description

Abu Shohel Ahmed from Ericsson reported a vulnerability in Keystone V3 API authentication. By sending a single request that lists the same authentication method multiple times, a remote attacker may generate unwanted load on the Keystone host, potentially resulting in a Denial of Service against a Keystone service. Only Keystone setups with the V3 API enabled are affected.
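One way to guard a V3 authentication handler against repeated methods, shown as an added example that is neither Keystone's code nor the fix shipped for this advisory. The function name, the `ALLOWED_METHODS` allow-list and the `MAX_LISTED` cap are assumptions chosen for illustration; the body layout is the V3 `auth.identity.methods` list.

```python
import json

# Assumptions for this example: the methods a deployment enables, and a
# hypothetical cap on how many entries one request may list.
ALLOWED_METHODS = ("external", "password", "token")
MAX_LISTED = 16


class AuthRequestError(ValueError):
    """Raised when the auth body is malformed or lists too many methods."""


def sanitize_auth_methods(body, allowed=ALLOWED_METHODS, max_listed=MAX_LISTED):
    """Return (methods, had_duplicates) for a V3 auth request body.

    Each method name is kept once, in first-seen order, so a handler that
    iterates the result invokes each authentication method at most once.
    """
    try:
        doc = json.loads(body)
        methods = doc["auth"]["identity"]["methods"]
    except (ValueError, KeyError, TypeError) as exc:
        raise AuthRequestError("missing auth.identity.methods") from exc
    if not isinstance(methods, list) or not methods:
        raise AuthRequestError("methods must be a non-empty list")
    if len(methods) > max_listed:
        raise AuthRequestError("too many methods listed")
    unique = []
    for name in methods:
        if not isinstance(name, str):
            raise AuthRequestError("method names must be strings")
        if name not in allowed:
            raise AuthRequestError("unsupported method: %r" % name)
        if name not in unique:
            unique.append(name)
    # had_duplicates lets the caller log or reject the request instead of
    # silently collapsing it.
    return unique, len(unique) != len(methods)


if __name__ == "__main__":
    # Constructed sample body, not captured traffic.
    sample = json.dumps({"auth": {"identity": {
        "methods": ["password", "token", "password"]}}}).encode()
    print(sanitize_auth_methods(sample))
```

Whether a flagged request is rejected or processed with the de-duplicated list is a policy choice for the caller; logging the `had_duplicates` flag gives operators a signal either way.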

Credits

  • Abu Shohel Ahmed from Ericsson (CVE-2014-2828)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.