CVE-2013-6434
Published: 24 January 2014
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
Notes
| Author | Note |
|---|---|
| seth-arnold | Insufficient details were provided to determine where the fault is -- the Red Hat update is to their rhevm package -- so I've marked spice as the involved package until this can be researched further. |
| mdeslaur | possibly https://github.com/oVirt/ovirt-engine/commit/f39cf23b6fedc924d054e3178242388e52a3c7ed likely rhevm specific |