CVSS2: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low (percentile 66.4%)

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using
LDAP with Anonymous binding, allows remote attackers to bypass
authentication via an empty password.
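
The failure mode described above, as an added example that is not Keystone's code or its patch: an LDAP simple bind with a DN and a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), so a caller that treats "bind did not fail" as proof of identity accepts any user. `FakeDirectory`, both `authenticate_*` functions and the sample DN and password are hypothetical names and constructed data.

```python
class InvalidCredentials(Exception):
    """Raised by the stand-in directory when a bind is refused."""


class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (assumption, not a real API).

    Models RFC 4513 simple-bind semantics: a zero-length password is an
    unauthenticated bind, which succeeds as anonymous when the server
    permits anonymous binding.
    """

    def __init__(self, users, allow_anonymous=True):
        self.users = users
        self.allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        if not password:
            if self.allow_anonymous:
                return "anonymous"  # bind succeeds, but nobody was authenticated
            raise InvalidCredentials(dn)
        if self.users.get(dn) != password:
            raise InvalidCredentials(dn)
        return dn  # identity the connection is now bound as


def authenticate_vulnerable(directory, dn, password):
    # Weak pattern: any bind that does not raise counts as a successful login.
    try:
        directory.simple_bind(dn, password)
    except InvalidCredentials:
        return False
    return True


def authenticate_hardened(directory, dn, password):
    # Refuse empty credentials before contacting the directory, then confirm
    # that the bound identity is the DN that was asked for.
    if not dn or not password:
        return False
    try:
        bound_as = directory.simple_bind(dn, password)
    except InvalidCredentials:
        return False
    return bound_as == dn


# Constructed sample data.
ALICE = "cn=alice,ou=Users,dc=example,dc=org"
DIRECTORY = FakeDirectory({ALICE: "correct horse"})
```
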
Author | Note |
---|---|
seth-arnold | patches in Message-ID: <[email protected]> |
jdstrand | 12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723, which is required to be exposed to this bug (i.e., anonymous binds fail without it). If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied, then the patch for folsom will work with some light modifications. |