[Openstack-security] [OSSN][DRAFT] Disabling a tenant does not disable a user token
Thierry Carrez
thierry at openstack.org
Thu Aug 8 08:43:06 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Kurt Seifried wrote:
> On 08/07/2013 06:33 AM, Clark, Robert Graham wrote:
>> [DRAFT] - Please Review Disabling a tenant does not disable a
>> user token ----
> [...] I assume this needs a CVE?
Your call... To me it's more of an explanation of how things work
(non-obvious design with potential security implications which need to
be communicated to users) than a vulnerability... which is why this
was handled as a security note rather than an advisory.
- --
Thierry Carrez (ttx)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCAAGBQJSA1oaAAoJEFB6+JAlsQQje64P/08RR6x5zZzVHcileo4fA1wg
SODsQ5tADbwYuhLE+3lUUg94xpyR/WQahPPf/BzQyPH+cWg5EIPDJMaY3WYwiscT
8mLit1an3O792OUKN26zVWHzQJj9iR6qXZ5Dn4rh4ePEDy9Op8bWboZH/lxfut0J
5ETpoiMUjL59CbztW0nLm6QO9zy7oKnYBRpakLXq2hj9tJuAPPn+eyAHKdUcMtqu
uWdUXDCnHJmwxmmAhBL+DhPcDuBApMYP9lIDQihB7tUlPwqdFUVMwnEVykDKiTuU
falFDU2F1b2hNNG1Klh0yJCTuqbHTS6o31CAlI2a50iMik1Vp6V/+kv/u9/W+UN+
pFiYl90wTPbz1h4Kvw3imniXyySWhw1lWfjX72QPi6WJY4KdEmx3WLcmhllwpJCl
/nw5hSalmGOnUKFFu4oB6A8i8xGSPd8fZL0XigeUAhTVyNWVZzwW1X05Ljw7rROM
9m0hQj5pGohhBN6Aek50zNUw5sX4nyNqAmasoUtmS7D02bvNyiPKe79mLsQyUvkl
mTW7w6A47jHbPH6VMs5Gn3QPp4yAOPdsunEtCvG/BmufvU16OrXMXJsrm/vj440K
wsiOElVZqRBMLXW5ir4q+CE1RRTP2Sb/io1vh1cteXZBJD437wznzAFpRFyLTMif
3IXIrXr3yhNmcsdkYwKf
=HW13
-----END PGP SIGNATURE-----
More information about the Openstack-security
mailing list