Multiple OpenStack Products SSL Certificate Validation CVE-2013-2255 Security Bypass Vulnerability

Multiple OpenStack products are prone to a security-bypass vulnerability because they fail to properly validate SSL certificates from the server.

An attacker can exploit this issue to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

The following products are vulnerable:

OpenStack Cinder
OpenStack Keystone
OpenStack Compute (nova)
OpenStack neutron
OpenStack python-keystoneclient


 

Privacy Statement
Copyright 2010, SecurityFocus