Cinder Brocade driver does not do certificate validation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
It is observed that the brocade driver found at cinder/
if requestType == zone_constant.
elif requestType == zone_constant.
This could lead to insecure communication and man-in-the-middle attacks.
This is just a duplicate of long-standing (public hardening opportunity) bug 1188189 and corresponding OSSN-0033 ( https:/ /wiki.openstack .org/wiki/ OSSN/OSSN- 0033 ) right? I'm pretty sure the OpenStack VMT wouldn't issue an advisory in this case nor is there much point in keeping the issue private and embargoed.