Comment 17 for bug 1202952

New proposed impact description, please review:
Title: Token revocation failure using Keystone memcache/KVS backends
Reporter: Kieran Spear (University of Melbourne)
Products: Keystone
Affects: Folsom and later

Kieran Spear from the University of Melbourne reported a vulnerability in Keystone memcache and KVS token backends. The token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked tokens still being considered valid. Only Keystone setups making use of the memcache token backend (using Grizzly and later) and KVS token backend (using Folsom and Grizzly only, master branch is already fixed) are affected. The SQL token backend is unaffected.