OpenStack Identity (keystone)

  1. Bug #1174499
  2. Comment #7

Comment 7 for bug 1174499

Revision history for this message
Kurt Seifried (kseifried) wrote :

One note:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=md5

Second note:
based on Adam Young's comments it sounds like even the ability to forge arbitrary MD5 hashes would not be directly exploitable as 1) the MD5 hashes are created by keystone and 2) the hashed value is a PKI token so there's an additional level pf protection. Is this correct?