** Summary changed: - [OSSA 2015-006] PKI Token Revocation Bypass (CVE-2015-7546) + [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546)
** Changed in: ossa Status: Confirmed => Fix Released ** Summary changed: - [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546) + [OSSA 2016-005] PKI Token Revocation Bypass (CVE-2015-7546) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1490804 Title: [OSSA 2016-005] PKI Token Revocation Bypass (CVE-2015-7546) Status in django-openstack-auth: Invalid Status in OpenStack Identity (keystone): Fix Released Status in OpenStack Identity (keystone) kilo series: Fix Committed Status in keystonemiddleware: Fix Released Status in OpenStack Security Advisory: Fix Released Status in OpenStack Security Notes: Fix Released Status in python-keystoneclient: Won't Fix Bug description: A keystone token which has been revoked can still be used by manipulating particular byte fields within the token. When a Keystone token is revoked it is added to the revoked list which stores the exact token value. Any API will look at the token to see whether or not it should accept a token. By changing a single byte within the token, the revocation can be bypassed. see the testing script [1]. It is suggested that the revocation should be changed to only check the token's inner ID. [1] http://paste.openstack.org/show/436516/ To manage notifications about this bug go to: https://bugs.launchpad.net/django-openstack-auth/+bug/1490804/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp