VYPR
Unrated severityOSV Advisory· Published Dec 17, 2018· Updated Nov 14, 2024

CVE-2018-20170

CVE-2018-20170

Description

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenStack/KeystoneOSV2 versions
    10.0.0.0b1, 10.0.0.0b2, 10.0.0.0b3, …+ 1 more
    • (no CPE)range: 10.0.0.0b1, 10.0.0.0b2, 10.0.0.0b3, …
    • (no CPE)range: <=14.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.