Comment 15 for bug 1199783

Jeremy Stanley (fungi) wrote :

Updated impact description...
--------

Title: Missing SSL certificate check in Python Swift client
Reporter: Thomas Leaman (HP)
Products: python-swiftclient
Affects: All versions

Description:
Thomas Leaman from HP reported that the Python Swift client was failing to properly check certificates during the establishment of HTTPS connections. A remote attacker with access over segments of the network between client and server could potentially set up a man-in-the-middle attack and access the contents of the Swift client's communication with the server, including any used credentials.