Moderate severity · NVD Advisory · Published Jul 31, 2012 · Updated Jun 16, 2026
CVE-2012-3426
Description
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Keystone (PyPI) | < 8.0.0a0 | 8.0.0a0 |
References
- github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355 (nvd, Patch, WEB)
- www.openwall.com/lists/oss-security/2012/07/27/4 (nvd, Patch, WEB)
- launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz (nvd, Patch, WEB)
- github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626 (nvd, Exploit, Patch, WEB)
- github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de (nvd, Exploit, Patch, WEB)
- github.com/advisories/GHSA-xp97-6w7r-4cjc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-3426 (ghsa, ADVISORY)
- github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa (nvd, WEB)
- github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d (nvd, WEB)
- github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454 (nvd, WEB)
- www.ubuntu.com/usn/USN-1552-1 (nvd, WEB)
- bugs.launchpad.net/keystone/+bug/996595 (nvd, WEB)
- bugs.launchpad.net/keystone/+bug/997194 (nvd, WEB)
- bugs.launchpad.net/keystone/+bug/998185 (nvd, WEB)
- github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355 (ghsa, WEB)
- github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626 (ghsa, WEB)
- github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml (ghsa, WEB)
- secunia.com/advisories/50045 (nvd)
- secunia.com/advisories/50494 (nvd)