[OSSA-2020-003] Keystone doesn't check signature TTL of the EC2 credential auth method (CVE-2020-12692)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Medium | Colleen Murphy | |
OpenStack Security Advisory | Fix Released | Undecided | Gage Hugo | |
Bug Description
AWS Signature V4 has a limited TTL for a token signature, used to perform an authenticated request; usually it is 5 minutes. If there is a MITM possible, then an attacker can use a sniffed header only within 5 minutes.
Keystone doesn't have a signature TTL check, and if an attacker can sniff an auth header, this header can be used an unlimited number of times to reissue an OpenStack token.
I have an https:/
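The missing check described in the report, sketched as an added example (this is not keystone's code and not the fix that was released). The `credentials` dict layout with `headers` and `params` keys, the function and exception names, and the clock-skew tolerance are assumptions; the 5-minute window is the figure quoted in the report.

```python
from datetime import datetime, timedelta, timezone

SIGNATURE_TTL = timedelta(minutes=5)  # window quoted in the bug report
CLOCK_SKEW = timedelta(minutes=5)     # assumed tolerance for future-dated requests


class StaleSignature(Exception):
    """Signed timestamp is missing, malformed, or outside the accepted window."""


def signed_timestamp(credentials):
    """Return the SigV4 request time (X-Amz-Date, header or query parameter)."""
    headers = {k.lower(): v for k, v in credentials.get("headers", {}).items()}
    params = {k.lower(): v for k, v in credentials.get("params", {}).items()}
    raw = headers.get("x-amz-date") or params.get("x-amz-date")
    if not raw:
        # Fail closed: without a signed time, the age cannot be bounded.
        raise StaleSignature("no X-Amz-Date in signed request")
    try:
        parsed = datetime.strptime(raw, "%Y%m%dT%H%M%SZ")  # ISO 8601 basic, UTC
    except (TypeError, ValueError):
        raise StaleSignature("unparseable X-Amz-Date: %r" % (raw,))
    return parsed.replace(tzinfo=timezone.utc)


def check_signature_age(credentials, now=None):
    """Reject replayed signatures. Run only after the signature has verified,
    because X-Amz-Date is trustworthy only as part of the signed request."""
    now = now or datetime.now(timezone.utc)
    age = now - signed_timestamp(credentials)
    if age > SIGNATURE_TTL:
        raise StaleSignature("signature is %s old, limit %s" % (age, SIGNATURE_TTL))
    if age < -CLOCK_SKEW:
        raise StaleSignature("signed timestamp is in the future")
    return age


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    now = datetime(2020, 5, 6, 12, 0, 0, tzinfo=timezone.utc)
    fresh = {"headers": {"X-Amz-Date": "20200506T115800Z"}}
    replayed = {"headers": {"X-Amz-Date": "20200506T110000Z"}}
    print("fresh:", check_signature_age(fresh, now))
    try:
        check_signature_age(replayed, now)
    except StaleSignature as exc:
        print("replayed:", exc)
```
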
CVE References
description: updated
Changed in keystone:
milestone: none → ussuri-rc1
Changed in ossa:
assignee: nobody → Gage Hugo (gagehugo)
summary:
- Keystone doesn't check signature TTL of the EC2 credential auth method
+ [OSSA-2020-003] Keystone doesn't check signature TTL of the EC2
+ credential auth method
summary:
[OSSA-2020-003] Keystone doesn't check signature TTL of the EC2
- credential auth method
+ credential auth method (CVE PENDING)
Changed in ossa:
status: Incomplete → In Progress
summary:
[OSSA-2020-003] Keystone doesn't check signature TTL of the EC2
- credential auth method (CVE PENDING)
+ credential auth method (CVE-2020-12692)
Changed in ossa:
status: In Progress → Fix Released
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.