[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver
Jay Bryant
jsbryant at us.ibm.com
Thu Oct 16 23:18:14 UTC 2014
Alon, any update on this? Are you going to be able to fix this in the
XIV code so that we don't have to try and get anything into Cinder now
that Juno has released?
** Changed in: cinder
Status: New => Triaged
** Changed in: cinder
Importance: Undecided => High
** Changed in: cinder
Milestone: None => kilo-1
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643
Title:
MITM vulnerability with XIV driver
Status in Cinder:
Triaged
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The XIV driver in Juno appears to blindly trust whatever certificate
it gets back from the device without any validation. This would leave
it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions
More information about the Openstack-security
mailing list