Comment 30 for bug 1202952

Final list of affected branches / drivers:

  stable/grizzly + kvs token driver
  stable/grizzly + memcache token driver
  stable/folsom + kvs token driver
  stable/folsom + memcache token driver

I originally had marked "master + memcache token driver" as "affected" because it returns a relatively bloated API response (as the other failing implementations do), however the response itself does not present a vulnerability because the "id" values are MD5-hashed as expected.

As far as I can tell, this API has never been previously documented or tested at all, hence the inconsistencies in implementation.