OpenStack Nova vulnerability

ID USN-2325-1
Type ubuntu
Reporter Ubuntu
Modified 2014-08-21T00:00:00


Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.