CVE-2018-20170
EPSS 0.19%Published: 12/17/2018Modified: 11/8/2023
Description
** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.
Affected packages (1)
- PyPI/keystonefrom 0, < 14.1.0