CVE-2018-20170


12/17/2018


** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor feels that the benefit to changing this might be too small relative to the performance degradation.

References: 
https://bugs.launchpad.net/keystone/+bug/1795800
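
The timing gap described above, next to one common way to close it, as an added example (this is not Keystone's code). The user store, the function names, the work factor and the use of standard-library PBKDF2 as the password hash are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
kdf_calls = 0         # instrumentation: counts password-hash invocations


def _kdf(password: str, salt: bytes) -> bytes:
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


# Constructed sample user store: username -> (salt, derived key)
USERS = {"alice": make_record("correct horse")}

# Decoy record built once at startup; verified when the username is unknown.
_DUMMY = make_record(os.urandom(16).hex())


def authenticate_leaky(username: str, password: str) -> bool:
    """Pattern the CVE describes: unknown users return before any hashing."""
    record = USERS.get(username)
    if record is None:
        return False  # fast path, visible as a shorter response time
    salt, expected = record
    return hmac.compare_digest(_kdf(password, salt), expected)


def authenticate_uniform(username: str, password: str) -> bool:
    """Performs the same hash work for known and unknown usernames."""
    record = USERS.get(username)
    salt, expected = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_kdf(password, salt), expected)
    return matches and record is not None  # a decoy match never authenticates


def kdf_cost(fn, username: str, password: str) -> int:
    """Number of hash invocations a single login attempt triggers."""
    before = kdf_calls
    fn(username, password)
    return kdf_calls - before
```

The uniform variant makes every request for a nonexistent user pay for a full password hash, which is the performance cost the vendor note weighs against the benefit. Other per-user steps in the request path can still differ in duration, so response times should be measured end to end after a change like this.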


