[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver
Jeremy Stanley
fungi at yuggoth.org
Mon Oct 6 19:33:19 UTC 2014
** Changed in: cinder
Assignee: (unassigned) => Alon Marx (alonma)
** Changed in: ossa
Assignee: Alon Marx (alonma) => (unassigned)
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643
Title:
MITM vulnerability with XIV driver
Status in Cinder:
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The XIV driver in Juno appears to blindly trust whatever certificate
it gets back from the device without any validation. This would leave
it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions
More information about the Openstack-security
mailing list