Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Published

2022-08-26T16:15:08.867

Last Modified

2024-11-21T06:21:51.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Secondary
CWE-863
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	keystone	*	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Application	redhat	openstack_platform	10.0	Yes
Application	redhat	openstack_platform	13.0	Yes
Application	redhat	openstack_platform	16.1	Yes
Application	redhat	openstack_platform	16.2	Yes

References

https://access.redhat.com/security/cve/CVE-2021-3563 Issue Tracking, Third Party Advisory ([email protected])
https://bugs.launchpad.net/ossa/+bug/1901891 Exploit, Issue Tracking, Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1962908 Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html ([email protected])
https://security-tracker.debian.org/tracker/CVE-2021-3563 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2021-3563 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ossa/+bug/1901891 Exploit, Issue Tracking, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1962908 Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2021-3563 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)