CVE-2018-20170
EPSS 0.19%發布日:2018/12/17修改日:2023/11/8
描述
** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.
受影響套件(1)
- PyPI/keystonefrom 0, < 14.1.0