[Openstack-security] [Bug 1372635] Re: MITM vulnerability with EMC VMAX driver

Matt Riedemann mriedem at us.ibm.com
Wed Oct 22 19:53:21 UTC 2014


Per comment 25, has anyone reported a bug against Ubuntu for packaging
of pywbem?

Otherwise, we could put some conditional logic in the code that checks
the signature of the pywbem library and if the args are available, use
them; if not, don't. Or try to use them and catch an exception and
handle it gracefully, with a note about why we have to do the conditional
checks.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372635

Title:
  MITM vulnerability with EMC VMAX driver

Status in Cinder:
  Triaged
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  The EMC VMAX driver in Juno appears to blindly trust whatever
  certificate it gets back from the device without any validation (it
  does not specify the ca_certs parameter, etc. on
  WBEMConnection.__init__). This would leave it open to a MITM attack.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372635/+subscriptions
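
The signature check suggested in the message above, as an added example that is not part of the original message or of Cinder's code. `OldConnection` and `NewConnection` are hypothetical stand-ins for a connection class packaged without and with the `ca_certs` parameter; `tls_kwargs_for`, `connect`, `require_verification` and `CertValidationUnsupported` are names introduced here, and the default is to refuse the connection rather than fall back silently.

```python
import inspect
import logging

LOG = logging.getLogger(__name__)


class CertValidationUnsupported(Exception):
    """The installed connection class cannot be handed a CA bundle."""


# Hypothetical stand-ins for a connection class at two packaging levels.
class OldConnection:
    def __init__(self, url, creds=None):
        self.url, self.creds, self.ca_certs = url, creds, None


class NewConnection:
    def __init__(self, url, creds=None, ca_certs=None):
        self.url, self.creds, self.ca_certs = url, creds, ca_certs


def tls_kwargs_for(conn_cls, ca_certs, require_verification=True):
    """Return the keyword arguments that make conn_cls validate the server cert.

    The constructor signature is inspected rather than a version string,
    because a distro package can lag or patch the upstream release.
    """
    params = inspect.signature(conn_cls.__init__).parameters
    if "ca_certs" in params:
        return {"ca_certs": ca_certs}
    if require_verification:
        # Fail closed: an unverified session is the MITM exposure in the bug.
        raise CertValidationUnsupported(
            "%s.__init__ has no ca_certs parameter" % conn_cls.__name__)
    # Explicit opt-out only: record why the certificate is not being checked.
    LOG.warning("%s does not accept ca_certs; server certificate will NOT "
                "be validated", conn_cls.__name__)
    return {}


def connect(conn_cls, url, creds, ca_certs, require_verification=True):
    """Build the connection, passing ca_certs only when it is supported."""
    kwargs = tls_kwargs_for(conn_cls, ca_certs, require_verification)
    return conn_cls(url, creds, **kwargs)
```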



