*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

As per my original bug report in libcloud, https://issues.apache.org/jira/browse/LIBCLOUD-55, this Python project is vulnerable to MITM as it fails to verify the SSL validity of the remote destination.

urllib / urllib2, httplib.HTTPSConnection do not verify SSL at all by default.

From base.py:

    class ConnectionKey(object):
        """
        A Base Connection class to derive from.
        """
        conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
        ....
        def connect(self, host=None, port=None):
            .....
            connection = self.conn_classes[self.secure](host, port)

This request can be MITMed, leading to the compromise of a user's API key - where a secured https connection was requested, but can be MITM'ed.

** Affects: libcloud (Ubuntu)
   Importance: Medium
   Status: Confirmed

--
this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
https://bugs.edge.launchpad.net/bugs/675217
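
An added example, not part of the bug report or libcloud's own code: the `conn_classes` pattern quoted above, with the secure entry replaced by a connection class that enforces certificate-chain and hostname verification. It assumes Python 3 module names (`http.client` in place of `httplib`); `VerifiedHTTPSConnection`, `verifying_context`, `legacy_context` and `is_verifying` are hypothetical names.

```python
import http.client
import ssl


def verifying_context(ca_file=None):
    """Client context that validates the certificate chain and the hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)  # system CAs unless ca_file is given
    # Already the defaults; set explicitly so a later edit cannot silently relax them.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_context():
    """Constructed stand-in for the behaviour in the report: encrypt, verify nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_verifying(ctx):
    """True only if both chain validation and hostname matching are enforced."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


class VerifiedHTTPSConnection(http.client.HTTPSConnection):
    """Hypothetical replacement for the secure entry in conn_classes."""

    def __init__(self, host, port=None, ca_file=None, **kwargs):
        self.tls_context = verifying_context(ca_file)
        super().__init__(host, port, context=self.tls_context, **kwargs)


class ConnectionKey(object):
    """Same shape as the class quoted in the report, with the secure class swapped."""
    conn_classes = (http.client.HTTPConnection, VerifiedHTTPSConnection)

    def __init__(self, secure=True):
        self.secure = secure

    def connect(self, host, port=None):
        # No socket is opened here; the TLS handshake and its checks run on the first request.
        return self.conn_classes[self.secure](host, port)
```

`is_verifying` can double as a unit-test guard so that a regression to an unverified context fails the build instead of reaching users.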
