[Openstack-security] [Bug 1372635] Re: MITM vulnerability with EMC VMAX driver
Jay Bryant
jsbryant at us.ibm.com
Thu Oct 16 23:23:49 UTC 2014
Xing,
Any update on this? It would be nice to get this fixed in master so we
can at least cherry-pick it back to icehouse and juno. Let me know what
you think and if you have any better idea when you might have a fix.
Thanks!
** Changed in: cinder
Status: New => Triaged
** Changed in: cinder
Importance: Undecided => High
** Changed in: cinder
Milestone: next => kilo-1
** Tags added: drivers emc
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372635
Title:
MITM vulnerability with EMC VMAX driver
Status in Cinder:
Triaged
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The EMC VMAX driver in Juno appears to blindly trust whatever
certificate it gets back from the device without any validation (it
does not specify the ca_certs parameter, etc. on
WBEMConnection.__init__). This would leave it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372635/+subscriptions
More information about the Openstack-security
mailing list