[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver
Robert Clark
1372643 at bugs.launchpad.net
Mon Oct 6 15:35:18 UTC 2014
While this might not need to be embargoed I think it should be taken
more seriously. Bug 1188189 was just over a year ago and since then most
projects have improved their security. So what we have here is an
outlying driver that offers a significantly lower standard of security
than the rest of the system.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643
Title:
MITM vulnerability with XIV driver
Status in Cinder:
New
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
The XIV driver in Juno appears to blindly trust whatever certificate
it gets back from the device without any validation. This would leave
it open to a MITM attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions
More information about the Openstack-security
mailing list