New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN PyPI

PYSEC-2013-45

PYSEC-2013-45

Published · Modified

Description

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

Ready to move

Start Securing

Free, no credit card | First findings in minutes