[Bug 988920] Re: Token authentication for a user in a disabled tenant does not raise Unauthorized error
Russell Bryant
988920 at bugs.launchpad.net
Thu Sep 27 13:46:46 UTC 2012
Can a keystone dev comment on the potential security impact of this bug?
I'm trying to figure out if we need to go back and issue a security
advisory for this. Would this token be successfully validated allowing
a user to do stuff with the token they shouldn't have received?
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/988920
Title:
Token authentication for a user in a disabled tenant does not raise
Unauthorized error
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/988920/+subscriptions
More information about the Ubuntu-server-bugs
mailing list