CVE request for vulnerability in OpenStack Keystone

[Tristan Cacqueray <tristan.cacqueray () enovance com>]

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Keystone DoS through V3 API authentication chaining
Reporter: Abu Shohel Ahmed (Ericsson)
Products: Keystone
Versions: from 2013.1 to 2013.2.3

Description:
Abu Shohel Ahmed from Ericsson reported a vulnerability in Keystone V3
API authentication. By sending a single request with the same
authentication method multiple times, a remote attacker may generate
unwanted load on the Keystone host, potentially resulting in a Denial of
Service against a Keystone service. Only Keystone setups enabling V3 API
are affected.

References:
https://launchpad.net/bugs/1300274

Thanks in advance,

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: OpenPGP digital signature