[HGI-news-int] HGI researchers find critical vulnerability in Eucalyptus clouds
English Newsletter of the Horst Goertz Institute of IT Security in Bochum
hgi-news-international at lists.ruhr-uni-bochum.de
Tue May 31 16:29:38 CEST 2011
Cloud Computing remains controversial: Private cloud providers face
serious security issues, as shown by Professor Jörg Schwenk and further
members of the Horst Görtz Institute for IT Security in Bochum, Germany.
The team used XML Signature Element Wrapping attacks, which allow an
unauthenticated remote attacker who obtains a single message exchanged
between the authenticated user and a Eucalyptus installation to modify
intercepted SOAP requests and submit arbitrary and valid commands to the
SOAP interface.
More than 25,000 private clouds have emerged over the past three years
via the open source implementation Eucalyptus (about 40 percent of the
Fortune 100 companies use this software platform). The vulnerability has
been resolved and an update is available.
Further information can be found at:
http://open.eucalyptus.com/news/2011-05-25-eucalyptus-203
http://h-online.com/-1252593