oss-sec mailing list archives

CVE request: nova


From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 25 Oct 2011 12:11:51 -0500

A flaw was discovered in OpenStack nova[1] which allows someone with
access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the
EC2_SECRET_KEY (equivalent to a password). While the EC2_ACCESS_KEY is
typically not public, if the user exposes it via http or tools that
allow MITM over https, then an attacker could obtain the EC2_SECRET_KEY
easily. An attacker could also presumably brute force values for
EC2_ACCESS_KEY.

Fix:
https://review.openstack.org/#change,794

[1] https://launchpad.net/bugs/868360

-- 
Jamie Strandboge             | http://www.canonical.com
