CVE-2013-2157

Published: 13 June 2013

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
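The failure mode described above, as an added example (not Keystone's code and not the upstream patch): under RFC 4513 section 5.1.2 a simple bind with a DN and a zero-length password is an unauthenticated bind, so a caller that treats any successful bind as a login accepts an empty password. FakeDirectory, both authenticate functions and the sample entry are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample entry (DN -> password); not real data.
ALICE = "cn=alice,ou=Users,dc=example,dc=org"
DIRECTORY = {ALICE: "correct horse"}


class BindError(Exception):
    """Raised when the directory rejects a bind."""


class FakeDirectory:
    """Hypothetical, simplified stand-in for an LDAP server."""

    def __init__(self, entries, allow_anonymous=True):
        self.entries = entries
        self.allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        # RFC 4513 5.1.2: DN plus zero-length password is an unauthenticated
        # bind. The server gives the session anonymous state and never checks
        # that the caller owns the DN.
        if password == "":
            if self.allow_anonymous:
                return "anonymous"
            raise BindError("anonymous binds disabled")
        stored = self.entries.get(dn)
        if stored is None or not hmac.compare_digest(
                stored.encode(), password.encode()):
            raise BindError("invalid credentials")
        return dn  # identity the session is now bound as


def authenticate_naive(server, dn, password):
    """Weak pattern: any bind that does not raise counts as a login."""
    try:
        server.simple_bind(dn, password)
        return True
    except BindError:
        return False


def authenticate_checked(server, dn, password):
    """Refuse empty credentials up front and require the bound identity
    to be the DN that was asked for."""
    if not dn or not password:
        return False
    try:
        return server.simple_bind(dn, password) == dn
    except BindError:
        return False
```

With allow_anonymous=False the naive check also rejects the empty password, which is why a directory that refuses anonymous binds is not exposed.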

Priority

Medium

Notes

Author: seth-arnold
Note: patches in Message-ID: <51B1A6BC.9050307@openstack.org>

Author: jdstrand
Note: 12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723, which is required to be exposed to this bug (i.e. anonymous binds fail without it). If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied then the patch for folsom will work with some light modifications.

References

Bugs