Comment 12 for bug 1202952

Thierry Carrez (ttx) wrote : Re: PKI tokens are never revoked using memcache token backend

Keystone core, please review the proposed patch!
Kieran: should we credit a company in addition to your name?
My understanding is that only the memcache backend is affected in master... but what about Folsom/Grizzly? Is the KVS backend affected there? Comments are contradictory :)

Proposed impact description, please review:
=================================
Title: Token revocation failure when using Keystone memcache backend
Reporter: Kieran Spear ($COMPANY)
Products: Keystone
Affects: Folsom and later

Description:
Kieran Spear from $COMPANY reported a vulnerability in the Keystone memcache token backend. The memcache token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked tokens still being considered valid. Only Keystone setups making use of the memcache token backend are affected.
=================================
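
The failure mode in the impact description above, as an added illustration (not Keystone's code and not part of the original comment): a revocation list that records the whole token never matches a lookup made by token ID. The class and function names are hypothetical, the token is a constructed sample, and modelling the token ID as a SHA-256 hex digest of the token body is an assumption of this sketch.

```python
import hashlib

# Constructed sample standing in for a long PKI token body.
SAMPLE_TOKEN = "MIIC-constructed-sample-pki-token-body-" * 4


def token_id(token_body: str) -> str:
    # Assumption: the token ID is a digest of the full token body.
    return hashlib.sha256(token_body.encode()).hexdigest()


class RevocationList:
    """Toy in-memory stand-in for a token backend's revocation list."""

    def __init__(self, store_full_token: bool):
        self.store_full_token = store_full_token
        self.entries = []

    def revoke(self, token_body: str) -> None:
        # Flawed mode records the entire token; corrected mode records its ID.
        entry = token_body if self.store_full_token else token_id(token_body)
        self.entries.append(entry)

    def is_revoked(self, token_body: str) -> bool:
        # Validation compares by token ID, so the list must hold IDs.
        return token_id(token_body) in self.entries


def audit(entries):
    """Regression check: return entries that are not shaped like a token ID."""
    hexdigits = set("0123456789abcdef")
    return [e for e in entries if len(e) != 64 or not set(e) <= hexdigits]


if __name__ == "__main__":
    for label, flawed in (("full token stored", True), ("token ID stored", False)):
        rl = RevocationList(store_full_token=flawed)
        rl.revoke(SAMPLE_TOKEN)
        print(f"{label}: revoked={rl.is_revoked(SAMPLE_TOKEN)}, "
              f"malformed entries={len(audit(rl.entries))}")
```

A check like `audit` fits in a backend unit test: it fails as soon as anything other than an ID is written to the revocation list.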