Authentication Weakness

Module: keystone

Published: December 4th, 2015

Reported by: Greg Meyer

CVE-NONE

CWE-

Vulnerable: <0.3.16
Patched: >=0.3.16

Overview

Due to a bug in the the default sign in functionality, incomplete email addresses could be matched. A correct password is still required to complete sign in.

Remediation

Users of this module should update to version 0.3.16 or greater

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo