How severe is CVE-2021-38155?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-38155?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2021-38155 - HIGH Severity | CVSS 7.5

Vulnerability Description

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.

Related Vulnerabilities

CVE-1999-1152

HIGH

CVSS:7.5(High)

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force att...

CWE-3071999

CVE-2002-0628

HIGH

CVSS:7.5(High)

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute f...

CWE-3072002

CVE-2013-1895

HIGH

CVSS:7.5(High)

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the pa...

CWE-3072013

CVE-2013-2257

HIGH

CVSS:7.5(High)

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

CWE-3072013

CVE-2015-20110

HIGH

CVSS:7.5(High)

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by bru...

CWE-3072015

CVE-2017-14423

HIGH

CVSS:7.5(High)

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remo...

CWE-3072017