Candidate: CVE-2014-2828
PublicDate: 2014-04-15 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
 http://www.openwall.com/lists/oss-security/2014/04/10/20
Description:
 The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and
 icehouse before icehouse-rc2 allows remote attackers to cause a denial of
 service (CPU consumption) via a large number of the same authentication
 method in a request, aka "authentication chaining."
Ubuntu-Description:
Notes:
 mdeslaur> introduced by 9f812939
 mdeslaur> starting with 2013.1
Bugs:
 https://bugs.launchpad.net/keystone/+bug/1300274
Priority: medium
Discovered-by: Abu Shohel Ahmed
Assigned-to:
CVSS: 

Patches_keystone:
upstream_keystone: needs-triage
lucid_keystone: DNE
precise_keystone: not-affected (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1)
quantal_keystone: ignored (reached end-of-life)
saucy_keystone: ignored (reached end-of-life)
trusty_keystone: not-affected (1:2014.1~rc2-0ubuntu1)
trusty/esm_keystone: DNE (trusty was not-affected [1:2014.1~rc2-0ubuntu1])
devel_keystone: not-affected (1:2014.1~rc2-0ubuntu1)