OpenStack Keystone: First 72 Chars Secret Verified Password Bypass
CVE-2021-3563 Published on August 26, 2022
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2021-3563 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2021-3563
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3563 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.