this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
Bug #675217 reported by
dave b.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libcloud (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
as per my original bug report in libcloud, https:/
this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
urllib / urllib2, httplib.
from base.py
class ConnectionKey(
""" A Base Connection class to derive from.
""" conn_classes = (httplib.
.... def connect(self, host=None, port=None):
..... connection = self.conn_
this request can be MITMed leading to the compromise of a users API key - where a secured https connection was requested, but can be MITM'ed.
visibility: | private → public |
Changed in libcloud (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
To post a comment you must log in.
This is fixed with the recent upload of 0.5.0 to Oneiric.