[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver
Jeremy Stanley
fungi at yuggoth.org
Mon Oct 6 14:52:39 UTC 2014
This looks like another in the vein of bug 1188189 which we've so far
considered a security hardening opportunity, no advisory warranted.
** Information type changed from Private Security to Public
** Tags added: security
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643
Title:
MITM vulnerability with XIV driver
Status in Cinder:
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The XIV driver in Juno appears to blindly trust whatever certificate
it gets back from the device without any validation. This would leave
it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions
More information about the Openstack-security
mailing list