{"id":"PYSEC-2018-9","details":"** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.","aliases":["CVE-2018-20170"],"modified":"2023-11-08T04:00:11.214462Z","published":"2018-12-17T07:29:00Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1795800"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.1.0"}]}],"versions":["12.0.2","12.0.3","13.0.2","13.0.3","13.0.4","14.0.0","14.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2018-9.yaml"}}],"schema_version":"1.7.3"}