this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination #2
Comments
|
This has been resolved with https://issues.apache.org/jira/browse/LIBCLOUD-65 More information is available at http://wiki.apache.org/incubator/LibcloudSSL |
kshileev
referenced
this issue
in epolyan/libcloud
May 4, 2011
rphillips
pushed a commit
to rphillips/libcloud
that referenced
this issue
Oct 6, 2011
Monitoring add notifications and notification plans
Kami
pushed a commit
that referenced
this issue
Aug 6, 2019
asfgit
pushed a commit
that referenced
this issue
Nov 5, 2020
asfgit
pushed a commit
that referenced
this issue
Dec 6, 2020
Add new image / snapshot / server certificate / virtual gateway features for outscale provider
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
urllib / urllib2, httplib.SHTTPConnection do not verify ssl at all by default.
from base.py
class ConnectionKey(object):
"""
A Base Connection class to derive from.
"""
conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
....
def connect(self, host=None, port=None):
.....
connection = self.conn_classes[self.secure](host, port)
this request can be MITMed leading to the compromise of a users API key - where a secured https connection was requested, but can be MITM'ed.
The text was updated successfully, but these errors were encountered: