OpenStack Keystonemiddleware SSL Certificate Validation Security Bypass Vulnerability
BID:69864
Info
| Bugtraq ID: | 69864 |
| Class: | Design Error |
| CVE: | CVE-2014-7144 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2014 12:00AM |
| Updated: | Nov 03 2015 08:11PM |
| Credit: | Qin Zhao from IBM |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
OpenStack Keystonemiddleware is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: