Product
OpenStack Keystone before 28.0.1 is vulnerable to an authentication bypass due to improper handling of the user enabled attribute in the LDAP identity backend when the user_enabled_invert configuration option is False, leading to disabled users being treated as enabled.