{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2014-01-21T18:55:09Z",
  "id": "CVE-2013-2104",
  "details": "python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0944.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.ubuntu.com/usn/USN-1851-1"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.ubuntu.com/usn/USN-1875-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/28/7"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/1179615"
    }
  ]
}