CVE-2015-7546

HIGH Year: 2015
CVSS v3 Score
7.5
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

Related Vulnerabilities

CVE-2012-3823

HIGH
CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CWE-5222012

CVE-2012-6663

HIGH
CVSS:7.5(High)

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

CWE-5222012

CVE-2013-2106

HIGH
CVSS:7.5(High)

webauth before 4.6.1 has authentication credential disclosure

CWE-5222013

CVE-2013-2672

HIGH
CVSS:7.5(High)

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

CWE-5222013

CVE-2013-3313

HIGH
CVSS:7.5(High)

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...

CWE-5222013

CVE-2013-3620

HIGH
CVSS:7.5(High)

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

CWE-5222013