This is from the internal security review recommendations.
Severity: High
Description / Exploit: The RPC Nova API endpoint transmits sensitive or security-critical data (API keys) in cleartext in a communication channel that can be sniffed by unauthorized actors.
Impact: Anyone can read the information by gaining access to the channel being used for communication.
This will likely require attribute default changes, http -> https upgrade testing, https client cert/bundle testing (see other open issues around https and client certs), and changes to novarc files, monitoring/monit checks.
This is from the internal security review recommendations.
Severity: High
Description / Exploit: The RPC Nova API endpoint transmits sensitive or security-critical data (API keys) in cleartext in a communication channel that can be sniffed by unauthorized actors.
Impact: Anyone can read the information by gaining access to the channel being used for communication.
Systems Vulnerable: http://198.101.133.159:8774
Suggested Mitigation: Encrypt the data with a reliable encryption scheme before transmitting (SSL, TLS).
Further References: http://cwe.mitre.org/data/definitions/319.html https://owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
This will likely require attribute default changes, http -> https upgrade testing, https client cert/bundle testing (see other open issues around https and client certs), and changes to novarc files, monitoring/monit checks.
Affects: