Comment 2 for bug 1401300

Gregory Haynes (greghaynes) wrote:

So this is an issue for a couple of reasons:

* We appear to be using http (not TLS) to hit the cfn endpoint.
* Anyone who can spoof an IP and has the OS_* credentials can simply request this data (all the nodes that make up a cloud, basically)

Additionally, we're transmitting db passwords using this same mechanism. This means that even if we transmit the keystone key out of band, anyone can get the keystone db password and then grab tokens out of the db.
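The two problems the comment raises (a cfn metadata endpoint reached over plain http, and db passwords and keys carried inside the metadata itself) can be checked mechanically. The following is an added example written for this page, not code from TripleO, Heat or the bug's author: it flags a non-TLS endpoint URL and walks a CloudFormation-style metadata document for keys that look secret-bearing. The document layout, the key names (`keystone.db-password`, `signing-key`, and so on) and the endpoint address are constructed for illustration and are assumptions, not the real TripleO metadata format.

```python
"""Audit a Heat/CloudFormation-style metadata document for a plaintext cfn
endpoint and for secrets embedded in the metadata.

Added example, not TripleO/Heat code.  The metadata shape and key names
below are constructed for illustration (assumptions, not the real format).
"""
import json
import re
from urllib.parse import urlparse

# Heuristic: key names that usually hold credentials.  Matches the end of the
# key so that "db-password", "signing-key" and "admin_token" are caught while
# "host" or "password_policy" are not.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|[_-]key|token)$", re.IGNORECASE)


def check_endpoint(url):
    """Return a list of findings about the cfn metadata endpoint URL.

    The only check here is the one raised above: metadata fetched over a
    scheme other than https travels in the clear and can be read or altered
    on path.
    """
    parsed = urlparse(url)
    findings = []
    if parsed.scheme != "https":
        findings.append(
            f"cfn endpoint {url!r} is not TLS-protected (scheme {parsed.scheme!r})"
        )
    return findings


def find_secrets(obj, path=""):
    """Walk nested dicts/lists and return dotted paths of secret-bearing keys.

    A key is reported when its name matches SECRET_KEY_RE and its value is a
    non-empty string; empty placeholders are ignored.
    """
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            sub = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SECRET_KEY_RE.search(key):
                hits.append(sub)
            hits.extend(find_secrets(value, sub))
    elif isinstance(obj, list):
        for idx, value in enumerate(obj):
            hits.extend(find_secrets(value, f"{path}[{idx}]"))
    return hits


def audit(endpoint_url, metadata_json):
    """Combine both checks into one list of human-readable findings."""
    findings = check_endpoint(endpoint_url)
    for secret_path in find_secrets(json.loads(metadata_json)):
        findings.append(f"secret-bearing key transmitted in metadata: {secret_path}")
    return findings


# Constructed sample input (not captured from a real deployment): a plaintext
# endpoint and a metadata document carrying a db password and a signing key.
SAMPLE_ENDPOINT = "http://192.0.2.10:8000/v1/"
SAMPLE_METADATA = json.dumps({
    "AWS::CloudFormation::Init": {"config": {"files": {}}},
    "keystone": {
        "db-password": "correct-horse",
        "signing-key": "-----BEGIN PRIVATE KEY-----...",
    },
    "glance": {"db": {"password": "hunter2"}, "host": "192.0.2.20"},
    "admin_token": "",  # empty placeholder, deliberately not reported
})

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENDPOINT, SAMPLE_METADATA):
        print(finding)
```

Run against the constructed sample, `audit()` reports the http endpoint plus three secret-bearing paths (`keystone.db-password`, `keystone.signing-key`, `glance.db.password`); pointing `check_endpoint()` at an https URL clears the first finding, which is the point of the comment's first bullet, while the remaining hits are the material that should move out of band regardless of transport.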