CVE-2018-20170 is a vulnerability in OpenStack Keystone
Published on December 17, 2018
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
Products Associated with CVE-2018-20170
Want to know whenever a new CVE is published for OpenStack Keystone? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.