Back to search
CVE-2011-4076
Published: Nov 26, 2019
Modified: Aug 6, 2024
PUBLISHED
Description
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
| Vendor | Product | Versions |
|---|---|---|
nova | nova | affected 2014.1.3-11 |
References
https://security-tracker.debian.org/tracker/CVE-2011-4076
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-4076
x_refsource_MISC
https://bugs.launchpad.net/nova/+bug/868360
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/10/25/4
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now