On June 13, Canonical published details about OpenStack Keystone vulnerabilities for its Ubuntu 13.04 and Ubuntu 12.10 operating systems.
According to Canonical, Keystone did not always properly verify expired PKI tokens or properly authenticate users.
It has been discovered that Keystone did not properly authenticate users when using the LDAP backend.
An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend.
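The empty-password flaw described above, as an added example that is not Keystone's code and not taken from Canonical's notice. It assumes the bug follows LDAP's unauthenticated-bind behaviour (RFC 4513, section 5.1.2), where a server that permits it reports success for a simple bind carrying a DN and an empty password. FakeDirectory, the DN and the password are constructed stand-ins so the block runs without a network.

```python
class FakeDirectory:
    """Constructed stand-in for an LDAP server that permits unauthenticated binds."""

    def __init__(self, users):
        self._users = users  # maps DN -> password (sample data, not real accounts)

    def simple_bind(self, dn, password):
        # RFC 4513 5.1.2: DN present + empty password = "unauthenticated bind".
        # A permissive server answers "success" without checking any credential.
        if password == "":
            return True
        return self._users.get(dn) == password


def authenticate_unchecked(directory, dn, password):
    """Flawed pattern: any successful bind is treated as proof of identity."""
    return directory.simple_bind(dn, password)


def authenticate_checked(directory, dn, password):
    """Hardened pattern: reject empty credentials before the bind is attempted."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


# Constructed sample directory entry.
ALICE = "cn=alice,ou=Users,dc=example,dc=com"
DIRECTORY = FakeDirectory({ALICE: "correct horse"})


def compare(password):
    """Return (unchecked_result, checked_result) for one login attempt as ALICE."""
    return (
        authenticate_unchecked(DIRECTORY, ALICE, password),
        authenticate_checked(DIRECTORY, ALICE, password),
    )


if __name__ == "__main__":
    for attempt in ("correct horse", "wrong", ""):
        print(repr(attempt), compare(attempt))
```

The guard belongs in the application because the directory server may be configured to allow unauthenticated binds; disabling them on the server as well removes the dependency on every client getting this right.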
For a more detailed description of the security problems, you can visit Canonical's security notification.
Users can fix the security flaws by upgrading to the latest python-keystone package for their distribution.
A normal system update, executed with the Update Manager, will apply all the necessary changes. A complete system restart is necessary.