Comment 2 for bug 1287301

Tristan Cacqueray (tristan-cacqueray) wrote :

Draft impact description #1:

Title: Token revocation does not revoke cached tokens
Reporter: Alexei Kornienko (Mirantis)
Products: python-keystoneclient
Affects: All versions up to 0.6.0

Description:
Alexei Kornienko from Mirantis reported a vulnerability in Keystone auth_token middleware (shipped in python-keystoneclient). Once a user is authenticated to a service, issuing a token revocation for this user won't prevent him from using that service with the same token until it expires. Only Keystone middleware setups using auth_token with PKI token and cache enabled are affected.
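The failure mode the draft describes (a cached validation result outliving a revocation), as an added illustration that is not python-keystoneclient's code; the cache class, the token ids and the function names are constructed for this example:

```python
import time

# Constructed illustration of the bug class in the report: a validating middleware
# caches token-validation results and, on a cache hit, never re-checks the
# revocation list, so a revoked token stays usable until the cache entry expires.
# Not python-keystoneclient's code; every name here is hypothetical.

SIGNED_TOKENS = {"tok-alice": "alice"}  # stands in for PKI signature verification

class TokenCache:
    """Caches validated tokens for ttl seconds, keyed by token id."""
    def __init__(self, ttl, clock=time.time):
        self.ttl, self.clock, self.entries = ttl, clock, {}

    def get(self, token_id):
        hit = self.entries.get(token_id)
        if hit is None or self.clock() - hit[1] > self.ttl:
            return None
        return hit[0]

    def put(self, token_id, user):
        self.entries[token_id] = (user, self.clock())

def validate_vulnerable(token_id, cache, revoked):
    """A cache hit short-circuits validation, including the revocation check."""
    user = cache.get(token_id)
    if user is not None:
        return user
    if token_id in revoked or token_id not in SIGNED_TOKENS:
        return None
    cache.put(token_id, SIGNED_TOKENS[token_id])
    return SIGNED_TOKENS[token_id]

def validate_fixed(token_id, cache, revoked):
    """The revocation list is consulted before any cached result is trusted."""
    if token_id in revoked:
        cache.entries.pop(token_id, None)  # evict so the entry cannot be reused
        return None
    return validate_vulnerable(token_id, cache, revoked)

def scenario(validate):
    """Authenticate, revoke the token, then retry within the cache TTL."""
    cache, revoked = TokenCache(ttl=300, clock=lambda: 1000.0), set()
    assert validate("tok-alice", cache, revoked) == "alice"
    revoked.add("tok-alice")
    return validate("tok-alice", cache, revoked)  # "alice" if vulnerable, None if fixed
```

The fixed variant also evicts the cache entry on revocation, so a later cache lookup cannot resurrect the token even if the revocation list is refreshed less often than requests arrive.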