MITM vulnerability with XIV driver
Bug #1372643 reported by Matthew Edmonds
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Invalid | High | Alon Marx | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
The XIV driver in Juno appears to blindly trust whatever certificate it gets back from the device without any validation. This would leave it open to a MITM attack.
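The failure mode described in this report, as an added Python example (not part of the original bug report and not the XIV driver's code, which is not shown on this page). It contrasts a TLS client context that accepts any certificate with one that validates the chain and hostname, and adds a fail-closed connection wrapper. The function names and the idea of a "management channel" are hypothetical.

```python
import socket
import ssl


def unverified_context():
    """The behaviour the report describes: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation: MITM goes unnoticed
    return ctx


def verified_context(cafile=None):
    """Hardened form: chain must validate and the name must match.

    cafile (hypothetical parameter) can point at the CA bundle that issued
    the storage device's certificate; None uses the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the validation gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def open_management_channel(host, port, ctx, timeout=5.0):
    """Fail closed: refuse to connect with a context that skips validation."""
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing TLS connection: " + "; ".join(problems))
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # wrap_socket raises ssl.SSLCertVerificationError on a bad certificate
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```
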
Changed in cinder:
assignee: nobody → Alon Marx (alonma)
Changed in ossa:
assignee: Alon Marx (alonma) → nobody
tags: added: drivers xiv
Changed in cinder:
status: Triaged → Invalid
Changed in cinder:
milestone: kilo-1 → none
Thanks for the report! The OSSA task is set to incomplete pending additional details.
@Matthew and @cinder-coresec: Any chance we get this fix for Juno?