Timing Side-Channel Attack in OpenStack Object Storage (Swift) Allows Secret URL Retrieval

Timing Side-Channel Attack in OpenStack Object Storage (Swift) Allows Secret URL Retrieval

CVE-2014-0006 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

Learn more about our Web Application Penetration Testing UK.