Comment 41 for bug 1179955

CVE-2013-4222 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4222):
  OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and
  Havana before havana-3 does not properly revoke user tokens when a tenant is
  disabled, which allows remote authenticated users to retain access via the
  token.