TLS Certificate Verification Bypass in OpenStack Keystonemiddleware
CVE-2014-7144
Currently unrated
Key Information:
- Vendor: OpenStack
- CVE Published: 2 October 2014
Summary
OpenStack keystonemiddleware has a vulnerability in which certificate verification can be disabled by setting the 'insecure' option in the paste configuration file. This potentially allows remote attackers to carry out man-in-the-middle attacks using a crafted certificate, putting sensitive data at risk and compromising system integrity. It is crucial for users of affected versions to update and to ensure that TLS is configured properly.
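A configuration audit for the condition described in the summary, as an added example that is not part of the original advisory or of the OpenStack code base: it reports every auth_token filter section in a paste file that sets `insecure`, whatever value it is given. The factory module prefixes, the section layout and the sample file are assumptions constructed for illustration.

```python
import configparser

# Assumption: module prefixes of the paste filter factories that load the
# auth_token middleware (keystonemiddleware and its python-keystoneclient predecessor).
AUTH_TOKEN_FACTORIES = (
    "keystonemiddleware.auth_token",
    "keystoneclient.middleware.auth_token",
)

# Constructed sample paste configuration, not taken from a real deployment.
SAMPLE_PASTE_INI = """
[pipeline:main]
pipeline = authtoken app

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = https://keystone.example.test:5000/
insecure = false

[filter:other]
paste.filter_factory = example.middleware:filter_factory
insecure = true

[app:app]
paste.app_factory = example.app:app_factory
"""

def find_insecure_filters(paste_ini_text):
    """Return (section, raw_value) for each auth_token filter that sets 'insecure'."""
    # RawConfigParser: no interpolation, so '%' in paste values is left alone.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(paste_ini_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("filter:"):
            continue
        factory = parser.get(section, "paste.filter_factory", fallback="")
        if not factory.startswith(AUTH_TOKEN_FACTORIES):
            continue  # unrelated middleware; its options are out of scope here
        if parser.has_option(section, "insecure"):
            # Report the option's presence; the raw value is kept for the reviewer.
            findings.append((section, parser.get(section, "insecure")))
    return findings

if __name__ == "__main__":
    for section, value in find_insecure_filters(SAMPLE_PASTE_INI):
        print(f"[{section}] sets insecure = {value!r}: review TLS verification")
```

Because `configparser` merges `[DEFAULT]` keys into every section, an `insecure` entry placed in `[DEFAULT]` is reported for each auth_token filter as well.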
Timeline
Vulnerability published
Vulnerability Reserved