git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1447673] Re: session ID reusable?


** Description changed:

- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an official OpenStack
- Security Advisory. This includes discussion of the bug or associated
- fixes in public forums such as mailing lists, code review systems and
- bug trackers. Please also avoid private disclosure to other individuals
- not already approved for access to this information, and provide this
- same reminder to those who are made aware of the issue prior to
- publication. All discussion should remain confined to this private bug
- report, and any proposed fixes should be added as to the bug as
- attachments.
- 
  Reported via private E-mail from Anass ANNOUR:
  
  I had tested to reply the session ID and the token to a local
  environnent between to distinct IP, and it worked perfectly.

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1447673

Title:
  session ID reusable?

Status in OpenStack Identity (keystone):
  Expired
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Reported via private E-mail from Anass ANNOUR:

  I had tested to reply the session ID and the token to a local
  environnent between to distinct IP, and it worked perfectly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1447673/+subscriptions