this python project is vulnerable to MITM as it fails to verify the ssl
validity of the remote destination.
-----------------------------------------------------------------------------------------------------------
Key: LIBCLOUD-55
URL: https://issues.apache.org/jira/browse/LIBCLOUD-55
Project: Libcloud
Issue Type: Bug
Components: Core
Reporter: dave b ^^
this python project is vulnerable to MITM as it fails to verify the ssl
validity of the remote destination.
urllib / urllib2, httplib.SHTTPConnection do not verify ssl at all by default.
from base.py
class ConnectionKey(object):
""" A Base Connection class to derive from.
""" conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
.... def connect(self, host=None, port=None):
..... connection = self.conn_classesself.secure
this request can be MITMed leading to the compromise of a users API key - where
a secured https connection was requested, but can be MITM'ed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
