Security Advisory

CVE-2018-20170

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-17 06:00:00

Last updated 2024-11-14 20:09:49

Assigner mitre

State PUBLISHED

Description

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendors position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory

← Browse all CVEs View on cve.org ↗