Vulnerabilities > CVE-2021-3563 - Incorrect Authorization vulnerability in multiple products

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

NVD

Published: 2022-08-26

Updated: 2024-01-21

Summary

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Keystone *	1
Application	Redhat Redhat Openstack Platform 16.1 Redhat Openstack Platform 13.0 Redhat Openstack Platform 10.0 Redhat Openstack Platform 16.2	4
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References