Description
Qin Zhao discovered Keystone disabled certification verification when
the "insecure" option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
man-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)
Brant Knudson discovered Keystone disabled certification verification when
the "insecure" option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
man-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)