[Openstack-security] [Bug 1372635] Re: MITM vulnerability with EMC VMAX driver
Jeremy Stanley
fungi at yuggoth.org
Thu Oct 9 13:14:12 UTC 2014
I don't necessarily disagree with this stance, but from a pragmatic
perspective the VMT lacks any real authority to put all OpenStack
development on lockdown and hold developers hostage so that they're
forced to redesign internal communication between components with more
secure mechanisms rather than work on their various pet features. As
much as I wish we could...
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372635
Title:
MITM vulnerability with EMC VMAX driver
Status in Cinder:
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The EMC VMAX driver in Juno appears to blindly trust whatever
certificate it gets back from the device without any validation (it
does not specify the ca_certs parameter, etc. on
WBEMConnection.__init__). This would leave it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372635/+subscriptions
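Added example (not part of the original message, the bug report, or the Cinder code): a static check that flags WBEMConnection calls made without ca_certs, the condition the bug description names. The sample source is constructed, and the no_verification keyword is assumed from pywbem's WBEMConnection signature rather than taken from the report.

```python
import ast

# Constructed sample source for illustration; not taken from the Cinder tree.
SAMPLE = '''
import pywbem

def connect_unverified(url, creds):
    return pywbem.WBEMConnection(url, creds, default_namespace="root/emc")

def connect_disabled(url, creds):
    return pywbem.WBEMConnection(url, creds, ca_certs="/etc/ssl/certs",
                                 no_verification=True)

def connect_verified(url, creds, ca_path):
    return pywbem.WBEMConnection(url, creds, ca_certs=ca_path)
'''


def _callee(call):
    """Rightmost name of the call target, e.g. pywbem.WBEMConnection -> WBEMConnection."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else None


def _is_const(node, value):
    """True if node is a literal constant that is exactly `value`."""
    return isinstance(node, ast.Constant) and node.value is value


def audit_wbem_calls(source):
    """Return sorted (lineno, finding) pairs for WBEMConnection calls without a pinned CA.

    Assumes ca_certs / no_verification are passed by keyword, as in the report.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _callee(node) != "WBEMConnection":
            continue
        if any(kw.arg is None for kw in node.keywords):
            # **kwargs hides the real arguments from a static check.
            findings.append((node.lineno, "review-manually"))
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        if _is_const(kwargs.get("no_verification"), True):
            findings.append((node.lineno, "verification-disabled"))
        elif "ca_certs" not in kwargs or _is_const(kwargs["ca_certs"], None):
            findings.append((node.lineno, "missing-ca_certs"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in audit_wbem_calls(SAMPLE):
        print(f"sample:{lineno}: {finding}")
```
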