[ https://issues.apache.org/jira/browse/LIBCLOUD-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916275#action_12916275 ]
dave b ^^ commented on LIBCLOUD-55:
-----------------------------------
Oh, sorry, I missed the modifications you made to the software. Well, my previous
comment still holds ...
> this python project is vulnerable to MITM as it fails to verify the ssl
> validity of the remote destination.
> -----------------------------------------------------------------------------------------------------------
>
> Key: LIBCLOUD-55
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-55
> Project: Libcloud
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.4.0
> Reporter: dave b ^^
> Assignee: Jed Smith
>
> this python project is vulnerable to MITM as it fails to verify the ssl
> validity of the remote destination.
> urllib / urllib2, httplib.HTTPSConnection do not verify ssl at all by default.
> from base.py:
>
>     class ConnectionKey(object):
>         """ A Base Connection class to derive from.
>         """
>         conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
>         ....
>         def connect(self, host=None, port=None):
>             .....
>             connection = self.conn_classes[self.secure]
>
> This request can be MITMed, leading to the compromise of a user's API key -
> where a secured https connection was requested, but can be MITM'ed.
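Added example (not part of the original report and not libcloud's code): a Python 3 sketch using http.client in place of the Python 2 httplib from the excerpt, in which the same conn_classes selection yields a connection whose TLS context verifies both the certificate chain and the hostname. The names VerifiedHTTPSConnection, verified_context, unverified_context and tls_problems are hypothetical, and nothing here opens a network connection.

```python
import http.client
import ssl

# All helper names below are hypothetical; only ConnectionKey/conn_classes mirror the excerpt.

def unverified_context():
    # Models the reported behaviour: traffic is encrypted, the peer is never authenticated.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None):
    # create_default_context() loads the system trust store (or cafile) and
    # enables both chain validation and hostname checking.
    return ssl.create_default_context(cafile=cafile)


def tls_problems(ctx):
    """Return the reasons a client context would accept an impostor server."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked against the certificate")
    return problems


class VerifiedHTTPSConnection(http.client.HTTPSConnection):
    """HTTPS connection that fails closed if its context would skip verification."""

    def __init__(self, host, port=None, cafile=None, **kwargs):
        self.tls_context = verified_context(cafile)
        if tls_problems(self.tls_context):
            raise ssl.SSLError("refusing to build an unverified HTTPS connection")
        super().__init__(host, port, context=self.tls_context, **kwargs)


class ConnectionKey(object):
    """Same selection pattern as the excerpt, with a verifying class at index 1."""
    conn_classes = (http.client.HTTPConnection, VerifiedHTTPSConnection)

    def __init__(self, key, secure=True, host=None, port=None):
        self.key, self.secure, self.host, self.port = key, secure, host, port

    def connect(self):
        # The bool indexes the tuple: False -> plain HTTP, True -> verified HTTPS.
        return self.conn_classes[self.secure](self.host, self.port)
```
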