Unrated severityOSV Advisory· Published Dec 17, 2018· Updated Nov 14, 2024
CVE-2018-20170
CVE-2018-20170
Description
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- bugs.launchpad.net/keystone/+bug/1795800mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.