=================================
Title: Token revocation failure using Keystone memcache/KVS backends
Reporter: Kieran Spear (University of Melbourne)
Products: Keystone
Affects: Folsom and later
Description:
Kieran Spear from the University of Melbourne reported a vulnerability in Keystone memcache and KVS token backends. The PKI token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked PKI tokens still being considered valid. Only Keystone setups making use of PKI tokens with the memcache token backend (using Grizzly and later) and KVS token backend (using Folsom and Grizzly only, master branch is already fixed) are affected. Setups using UUID tokens, or using PKI tokens with the SQL token backend, are unaffected.
=================================
How about this ?
======= ======= ======= ======= =====
Title: Token revocation failure using Keystone memcache/KVS backends
Reporter: Kieran Spear (University of Melbourne)
Products: Keystone
Affects: Folsom and later
Description: ======= ======= ======= =====
Kieran Spear from the University of Melbourne reported a vulnerability in Keystone memcache and KVS token backends. The PKI token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked PKI tokens still being considered valid. Only Keystone setups making use of PKI tokens with the memcache token backend (using Grizzly and later) and KVS token backend (using Folsom and Grizzly only, master branch is already fixed) are affected. Setups using UUID tokens, or using PKI tokens with the SQL token backend, are unaffected.
=======