[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver
Alon Marx
alonma at il.ibm.com
Mon Oct 6 19:19:56 UTC 2014
I apologise for not updating this issue for a while.
I am working on a solution for this issue in the Juno timeframe. Because
we are close to release I am trying to get it to work without making any
changes in the open source code. In Kilo I plan an additional value in
cinder.conf to indicate the relevant paths, but for now I think we can
live with having a wide enough path internally.
** Changed in: ossa
Assignee: (unassigned) => Alon Marx (alonma)
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643
Title:
MITM vulnerability with XIV driver
Status in Cinder:
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The XIV driver in Juno appears to blindly trust whatever certificate
it gets back from the device without any validation. This would leave
it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions