CVE-2018-20170

Published: 17 December 2018

** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.

Notes

Author: mdeslaur
Note: disputed, marking as ignored

Priority

Low

CVSS 3 base score: 5.3

Status

Package: keystone (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Ignored
cosmic     Ignored (reached end-of-life)
disco      Ignored
eoan       Ignored
precise    Does not exist
trusty     Does not exist (trusty was needs-triage)
upstream   Needs triage
xenial     Ignored