Comment 17 for bug 1202952

Thierry Carrez (ttx) wrote : Re: PKI tokens are never revoked using memcache token backend

New proposed impact description, please review:
=================================
Title: Token revocation failure using Keystone memcache/KVS backends
Reporter: Kieran Spear (University of Melbourne)
Products: Keystone
Affects: Folsom and later

Description:
Kieran Spear from the University of Melbourne reported a vulnerability in Keystone memcache and KVS token backends. The token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked tokens still being considered valid. Only Keystone setups making use of the memcache token backend (using Grizzly and later) and KVS token backend (using Folsom and Grizzly only, master branch is already fixed) are affected. The SQL token backend is unaffected.
=================================
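
The comparison failure described in the draft above can be reproduced with a simplified model; this is an added example, not Keystone code and not part of the original comment. It shows a revocation list that records whole tokens beside one that records token IDs, plus a check that flags list entries that are not ID-shaped. Assumptions: the class `ToyTokenBackend`, the helper names, and the SHA-256 ID derivation are hypothetical stand-ins chosen for illustration.

```python
import hashlib

def token_id(token_body: str) -> str:
    # Assumption: the ID is a digest of the token body (stand-in derivation).
    return hashlib.sha256(token_body.encode()).hexdigest()

class ToyTokenBackend:
    """Constructed in-memory model of a key-value token backend."""

    def __init__(self, store_full_token: bool):
        self.store_full_token = store_full_token  # True models the flaw
        self.tokens = {}   # token ID -> token body
        self.revoked = []  # revocation list entries

    def issue(self, token_body: str) -> str:
        tid = token_id(token_body)
        self.tokens[tid] = token_body
        return tid

    def revoke(self, tid: str) -> None:
        body = self.tokens.pop(tid)
        # Flawed variant records the entire token; fixed variant records the ID.
        self.revoked.append(body if self.store_full_token else tid)

    def is_revoked(self, tid: str) -> bool:
        # A validator compares the presented token's ID against list entries.
        return tid in self.revoked

def audit_revocation_list(entries, id_length=64):
    """Return entries that do not look like token IDs (wrong length or non-hex)."""
    hexdigits = set("0123456789abcdef")
    return [e for e in entries if len(e) != id_length or not set(e) <= hexdigits]

def demo():
    body = "constructed-pki-token-body:" + "A" * 200  # constructed sample token
    results = {}
    for name, flawed in (("flawed", True), ("fixed", False)):
        backend = ToyTokenBackend(store_full_token=flawed)
        tid = backend.issue(body)
        backend.revoke(tid)
        bad_entries = audit_revocation_list(backend.revoked)
        results[name] = (backend.is_revoked(tid), len(bad_entries))
    return results

if __name__ == "__main__":
    print(demo())
```

In the flawed variant the revoked token's ID never matches any list entry, so the token still passes the revocation check, and the audit flags the oversized entry.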