@Paul, well I tend to agree this is a vulnerability (class A according to the VMT taxonomy: http://security.openstack.org/vmt-process.html#incident-report-taxonomy ). However, since a malicious user can't control the condition of exploitation, other VMT member may disagree with issuing an advisory for this issue.
I guess it boils down to how likely a user can snoop sensitive traffic.
@Paul, well I tend to agree this is a vulnerability (class A according to the VMT taxonomy: http:// security. openstack. org/vmt- process. html#incident- report- taxonomy ). However, since a malicious user can't control the condition of exploitation, other VMT member may disagree with issuing an advisory for this issue.
I guess it boils down to how likely a user can snoop sensitive traffic.