Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenStack Keystone 安全漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。OpenStack Keystone是其中的一个用于身份验证的项目,提供身份、令牌、目录和策略服务。 OpenStack Keystone 14.0.1及之前版本中存在安全漏洞,该漏洞源于用户在向/v3/auth/tokens URL发送POST请求时,无效用户的响应时间要快于有效用户的时间。攻击者可利用该漏洞枚举用户
CVSS Information
N/A
Vulnerability Type
N/A