OpenStack Object Storage (swift)

  1. Series grizzly
  2. Bug #1265665
  3. Comment #9

Comment 9 for bug 1265665

Revision history for this message
Thierry Carrez (ttx) wrote : Re: Possible timing attack against tempurl

Proposed impact description:

----------------------------------------------------------
Title: Swift TempURL timing attack
Reporter: Samuel Merritt (SwiftStack)
Products: Swift
Affects: All supported versions

Description:
Samuel Merritt from SwiftStack reported a timing attack vulnerability in Swift TempURL middleware. By analyzing response times to arbitrary TempURL requests, an attacker may be able to guess valid secret URLs and get access to files that were only intended to be publicly shared with specific recipients. Only Swift setups enabling the TempURL middleware are affected.
----------------------------------------------------------