CVE 2013-2157
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
Related bugs and status
CVE-2013-2157 (Candidate) is related to these bugs:
Bug #1187305: [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1187305 | [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157) | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1187305 | [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157) | OpenStack Security Advisory | Critical | Fix Released | ||
| 1187305 | [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157) | OpenStack Identity (keystone) folsom | Critical | Fix Released | ||
| 1187305 | [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157) | OpenStack Identity (keystone) grizzly | Critical | Fix Released | ||
Bug #1188788: Meta bug for tracking Openstack 2013.1.2 Stable Update
Bug #1210447: Meta bug for tracking Openstack 2013.1.3 Stable Update
See the 
CVE page on Mitre.org
for more details.
