A quick summary from me:
This basically says that a valid auth token in Keystone is valid, no matter what. If you have a valid auth token, you can ask for another one and get it, even if your account has been disabled or the password changed. By doing this you can keep requesting new tokens indefinitely and stay authenticated, even after the status of your authentication credentials has changed.
Not horribly bad. But certainly not good.
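A simplified model of the behaviour summarized above, added here as an illustration and not taken from Keystone's code; `TokenService`, `cred_version` and `chain_survives` are hypothetical names. With `check_user_state` off, a token alone is enough to obtain a fresh one; with it on, the exchange re-checks the account and, as an added assumption about how to bound a chain, the new token inherits the old token's expiry.

```python
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL = 3600  # seconds (constructed value)
@dataclass
class User:
    name: str
    enabled: bool = True
    cred_version: int = 0  # bumped on every password change

@dataclass
class Token:
    user: str
    expires: float
    cred_version: int  # credential state when the chain started

class TokenService:  # hypothetical model of a token endpoint, not Keystone code
    def __init__(self, check_user_state):
        self.check_user_state = check_user_state
        self.users, self.tokens = {}, {}

    def issue(self, user, expires=None):  # stands in for a password login
        token_id = secrets.token_hex(16)
        expires = expires or time.time() + TOKEN_TTL
        self.tokens[token_id] = Token(user.name, expires, user.cred_version)
        return token_id

    def token_for_token(self, token_id):
        tok = self.tokens.get(token_id)
        if tok is None or tok.expires < time.time():
            raise PermissionError("invalid or expired token")
        user = self.users[tok.user]
        if not self.check_user_state:
            return self.issue(user)  # flaw: token alone suffices, fresh TTL
        if not user.enabled or tok.cred_version != user.cred_version:
            raise PermissionError("account disabled or credentials changed")
        return self.issue(user, expires=tok.expires)  # never outlives parent

def chain_survives(check_user_state, disable=False, change_password=False):
    # True if a token issued before the change can still be exchanged after it.
    svc = TokenService(check_user_state)
    user = svc.users["alice"] = User("alice")
    old = svc.issue(user)
    user.enabled = not disable
    user.cred_version += int(change_password)
    try:
        return bool(svc.token_for_token(old))
    except PermissionError:
        return False
```
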
NIST Report on Vulnerability: Here