| 2013-05-13 18:00:17 |
Eoghan Glynn |
bug |
|
|
added bug |
| 2013-05-13 18:20:15 |
Eoghan Glynn |
bug |
|
|
added subscriber Adam Young |
| 2013-05-13 18:21:58 |
Eoghan Glynn |
description |
Unless I'm mistaken the keystoneclient auth_token middleware seems to neglecting to check the expiry of signed tokens.
Instead, it only checks if the proposed token has been explicitly revoked:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L1047
Surely the expiration timestamp needs to be checked also and the token rejected if expired. |
Unless I'm mistaken the keystoneclient auth_token middleware seems to be neglecting to check the expiry of signed tokens.
Instead, it only checks if the proposed token has been explicitly revoked:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L1047
Surely the expiration timestamp needs to be checked also and the token rejected if expired. |
|
| 2013-05-13 19:06:00 |
Adam Young |
attachment added |
|
explicitly check the expiry https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3675577/+files/keystoneclient-ayoung-0000-Check-Expiry.patch |
|
| 2013-05-13 19:17:31 |
Adam Young |
bug |
|
|
added subscriber Dolph Mathews |
| 2013-05-13 19:24:43 |
Adam Young |
attachment added |
|
keystoneclient-ayoung-0000-1-Check-Expiry.patch https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3675581/+files/keystoneclient-ayoung-0000-1-Check-Expiry.patch |
|
| 2013-05-13 20:19:32 |
Adam Young |
attachment added |
|
keystone-ayoung-0002-1-Check-token-Expiration.patch https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3675646/+files/keystone-ayoung-0002-1-Check-token-Expiration.patch |
|
| 2013-05-13 20:21:16 |
Adam Young |
python-keystoneclient: assignee |
|
Adam Young (ayoung) |
|
| 2013-05-13 20:21:20 |
Adam Young |
python-keystoneclient: status |
New |
Confirmed |
|
| 2013-05-13 20:24:45 |
Adam Young |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
| 2013-05-13 20:28:20 |
Russell Bryant |
python-keystoneclient: importance |
Undecided |
Critical |
|
| 2013-05-14 09:50:12 |
Thierry Carrez |
bug task added |
|
keystone |
|
| 2013-05-14 09:50:22 |
Thierry Carrez |
nominated for series |
|
keystone/folsom |
|
| 2013-05-14 09:50:22 |
Thierry Carrez |
bug task added |
|
keystone/folsom |
|
| 2013-05-14 09:50:29 |
Thierry Carrez |
keystone: status |
New |
Invalid |
|
| 2013-05-14 09:50:34 |
Thierry Carrez |
keystone/folsom: status |
New |
Confirmed |
|
| 2013-05-14 09:50:37 |
Thierry Carrez |
keystone/folsom: importance |
Undecided |
Critical |
|
| 2013-05-14 09:51:05 |
Thierry Carrez |
bug |
|
|
added subscriber Keystone Core Developers |
| 2013-05-14 09:51:56 |
Thierry Carrez |
keystone/folsom: assignee |
|
Adam Young (ayoung) |
|
| 2013-05-15 14:46:14 |
Adam Young |
bug |
|
|
added subscriber Paul McMillan |
| 2013-05-15 14:47:04 |
Adam Young |
bug |
|
|
added subscriber Simo Sorce |
| 2013-05-15 15:46:03 |
Thierry Carrez |
bug |
|
|
added subscriber Bryan D. Payne |
| 2013-05-20 09:22:23 |
Thierry Carrez |
cve linked |
|
2013-2104 |
|
| 2013-05-20 20:39:02 |
Dolph Mathews |
bug |
|
|
added subscriber Alex Meade |
| 2013-05-21 10:16:05 |
Thierry Carrez |
python-keystoneclient: status |
Confirmed |
Triaged |
|
| 2013-05-21 10:16:15 |
Thierry Carrez |
keystone/folsom: status |
Confirmed |
Triaged |
|
| 2013-05-21 14:29:37 |
Thierry Carrez |
bug |
|
|
added subscriber Canonical Security Team |
| 2013-05-23 09:27:12 |
Thierry Carrez |
bug |
|
|
added subscriber Matthew Thode |
| 2013-05-24 10:04:17 |
Thierry Carrez |
bug task added |
|
ossa |
|
| 2013-05-24 10:05:33 |
Thierry Carrez |
ossa: status |
New |
In Progress |
|
| 2013-05-24 10:05:52 |
Thierry Carrez |
ossa: importance |
Undecided |
High |
|
| 2013-05-24 10:05:55 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
| 2013-05-24 10:06:21 |
Thierry Carrez |
ossa: status |
In Progress |
Fix Committed |
|
| 2013-05-24 22:16:43 |
Adam Young |
attachment added |
|
patch rebased on top of "Update Certs" https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3686129/+files/keystone-ayoung-0002-2-Check-token-Expiration.patch |
|
| 2013-05-28 13:58:14 |
Adam Young |
attachment added |
|
Rebased https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3688806/+files/keystoneclient-ayoung-0000-2-Check-Expiry.patch |
|
| 2013-05-28 15:00:35 |
Thierry Carrez |
information type |
Private Security |
Public Security |
|
| 2013-05-28 15:01:04 |
OpenStack Infra |
python-keystoneclient: status |
Triaged |
In Progress |
|
| 2013-05-28 15:01:04 |
OpenStack Infra |
python-keystoneclient: assignee |
Adam Young (ayoung) |
Thierry Carrez (ttx) |
|
| 2013-05-28 15:01:15 |
OpenStack Infra |
keystone/folsom: status |
Triaged |
In Progress |
|
| 2013-05-28 15:01:15 |
OpenStack Infra |
keystone/folsom: assignee |
Adam Young (ayoung) |
Thierry Carrez (ttx) |
|
| 2013-05-28 15:04:58 |
Thierry Carrez |
summary |
auth_token middleware neglects to check expiry of signed token |
[OSSA 2013-014] auth_token middleware neglects to check expiry of signed token |
|
| 2013-05-28 15:07:57 |
Thierry Carrez |
python-keystoneclient: assignee |
Thierry Carrez (ttx) |
Adam Young (ayoung) |
|
| 2013-05-28 15:08:05 |
Thierry Carrez |
keystone/folsom: assignee |
Thierry Carrez (ttx) |
Adam Young (ayoung) |
|
| 2013-05-28 16:40:12 |
OpenStack Infra |
keystone/folsom: assignee |
Adam Young (ayoung) |
Dolph Mathews (dolph) |
|
| 2013-05-28 16:51:06 |
OpenStack Infra |
python-keystoneclient: status |
In Progress |
Fix Committed |
|
| 2013-05-28 16:58:11 |
OpenStack Infra |
keystone/folsom: assignee |
Dolph Mathews (dolph) |
Adam Young (ayoung) |
|
| 2013-05-28 17:30:43 |
OpenStack Infra |
keystone/folsom: assignee |
Adam Young (ayoung) |
Dolph Mathews (dolph) |
|
| 2013-05-28 17:48:55 |
OpenStack Infra |
keystone/folsom: assignee |
Dolph Mathews (dolph) |
Adam Young (ayoung) |
|
| 2013-05-28 19:10:36 |
OpenStack Infra |
keystone/folsom: assignee |
Adam Young (ayoung) |
Dolph Mathews (dolph) |
|
| 2013-05-28 19:46:59 |
OpenStack Infra |
keystone/folsom: assignee |
Dolph Mathews (dolph) |
Thierry Carrez (ttx) |
|
| 2013-05-28 19:51:57 |
OpenStack Infra |
keystone/folsom: assignee |
Thierry Carrez (ttx) |
Dolph Mathews (dolph) |
|
| 2013-05-28 20:03:13 |
OpenStack Infra |
keystone/folsom: assignee |
Dolph Mathews (dolph) |
Adam Young (ayoung) |
|
| 2013-05-28 20:56:12 |
OpenStack Infra |
keystone/folsom: status |
In Progress |
Fix Committed |
|
| 2013-05-28 22:05:42 |
Thierry Carrez |
ossa: status |
Fix Committed |
Fix Released |
|
| 2013-05-29 14:01:29 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
| 2013-05-29 14:01:34 |
Thierry Carrez |
bug |
|
|
added subscriber Thierry Carrez |
| 2013-05-29 14:36:51 |
Thierry Carrez |
attachment added |
|
0.2.3.patch https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3689934/+files/0.2.3.patch |
|
| 2013-05-29 15:43:52 |
Matthew Thode |
attachment added |
|
0001-backport-of-Ie06500d446f55fd0ad67ea540c92d8cfc57483f.patch https://bugs.launchpad.net/python-keystoneclient/+bug/1179615/+attachment/3689978/+files/0001-backport-of-Ie06500d446f55fd0ad67ea540c92d8cfc57483f.patch |
|
| 2013-05-29 16:22:45 |
Dolph Mathews |
python-keystoneclient: milestone |
|
0.2.4 |
|
| 2013-05-29 16:26:04 |
Dolph Mathews |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|
| 2013-06-03 23:40:16 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/raring-security/python-keystoneclient |
|
| 2013-06-14 02:38:11 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-security/keystone |
|
| 2013-06-14 03:03:23 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-updates/keystone |
|
| 2014-06-04 23:27:20 |
Morgan Fainberg |
keystone/folsom: status |
Fix Committed |
Fix Released |
|
