Authentication Weakness

Module: keystone

Published: December 4th, 2015

Reported by: Greg Meyer

CVE-NONE

CWE-287

Vulnerable: <0.3.16
Patched: >=0.3.16

Overview

Versions of keystone prior to 0.3.16 are affected by a partial authentication bypass vulnerability. In the default sign-in functionality, if an attacker provides the full, correct password but only part of the associated email address, authentication is granted.
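The following regression check is an added example, not keystone's code. The advisory does not say how the email lookup was implemented, so the unanchored pattern match in `findUserLoose` is an assumed stand-in for this class of flaw; the account, salt and all function names are constructed for illustration.

```javascript
// Added illustration; not keystone's source. The user record, helper names and
// the loose lookup are constructed for this example.
const { scryptSync, timingSafeEqual } = require('crypto');

const SALT = Buffer.from('constructed-demo-salt');
const hash = (pw) => scryptSync(pw, SALT, 32);

// Constructed sample account.
const users = [{ email: 'alice@example.com', passwordHash: hash('correct horse battery') }];

// Assumed flaw class: the submitted address is used as an unanchored,
// case-insensitive pattern, so any fragment of a stored address matches.
function findUserLoose(email) {
  const escaped = email.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const pattern = new RegExp(escaped, 'i');
  return users.find((u) => pattern.test(u.email)) || null;
}

// Hardened lookup: normalise, then require equality with the whole address.
function findUserExact(email) {
  const wanted = String(email).trim().toLowerCase();
  return users.find((u) => u.email.toLowerCase() === wanted) || null;
}

// Sign-in succeeds only if the lookup returns a user and the password verifies.
function signIn(findUser, email, password) {
  if (typeof email !== 'string' || email.length === 0) return false;
  const user = findUser(email);
  if (!user) return false;
  return timingSafeEqual(hash(String(password)), user.passwordHash);
}

// Regression check: correct password plus a partial address must be rejected.
function partialEmailRejected(findUser) {
  const fragments = ['alice', 'alice@example', 'example.com', 'a'];
  return fragments.every((f) => !signIn(findUser, f, 'correct horse battery'));
}
```

A check like `partialEmailRejected` belongs in the sign-in test suite of any application that looks users up by email, so the behaviour is caught if the lookup is ever loosened again.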

Remediation

Update to version 0.3.16 or later.