[Openstack-security] [Bug 1372643] Re: MITM vulnerability with XIV driver

Mike Perez thingee at gmail.com
Wed Oct 29 15:53:01 UTC 2014 

** Changed in: cinder
    Milestone: kilo-1 => None

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372643

Title:
  MITM vulnerability with XIV driver

Status in Cinder:
  Invalid
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  The XIV driver in Juno appears to blindly trust whatever certificate
  it gets back from the device without any validation. This would leave
  it open to a MITM attack.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372643/+subscriptions

More information about the Openstack-security mailing list