On Mon, Dec 9, 2013 at 3:06 PM, Clark, Robert Graham <robert.clark at hp.com>wrote: > Guys, > > > > Is there any way you know of to infer or guess at the UUID of a compute > instance belonging to another tenant? > > You can infer or guess at the EC2 IDs. These are mapped in the database to the UUIDs which are considerably harder to guess directly. Reading through the EC2 API code, however, I don't see anything that would make it obviously simple for an attacker to get the UUID mapped to any arbitrary EC2 ID. Regards, Eric Windisch -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131210/e188da89/attachment.html>