Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-3426 | First vendor Publication | 2012-07-31 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.9 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18010 | |||
| Oval ID: | oval:org.mitre.oval:def:18010 | ||
| Title: | USN-1552-1 -- keystone vulnerabilities | ||
| Description: | Two security issues were fixed in OpenStack Keystone. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1552-1 CVE-2012-3542 CVE-2012-3426 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | keystone |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-11 | Name : Fedora Update for openstack-keystone FEDORA-2012-19341 File : nvt/gb_fedora_2012_19341_openstack-keystone_fc17.nasl |
| 2012-11-29 | Name : Ubuntu Update for keystone USN-1641-1 File : nvt/gb_ubuntu_USN_1641_1.nasl |
| 2012-10-05 | Name : Fedora Update for openstack-keystone FEDORA-2012-13075 File : nvt/gb_fedora_2012_13075_openstack-keystone_fc17.nasl |
| 2012-09-04 | Name : Ubuntu Update for keystone USN-1552-1 File : nvt/gb_ubuntu_USN_1552_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-11-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1641-1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1552-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:00:52 |
|
| 2024-11-28 12:30:42 |
|
| 2021-05-04 12:21:05 |
|
| 2021-04-22 01:25:12 |
|
| 2020-05-23 00:34:10 |
|
| 2016-04-26 22:04:29 |
|
| 2014-02-17 11:11:40 |
|
| 2013-05-10 22:42:28 |
|
