Ovirt-engine did not verify key attributes from the the vdsm X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL certificate with invalid attributes that would otherwise prevent an certificate from being presented as valid
Hi, What sequence? what is the "server"? Thanks!
Statement: This issue affects the versions of ovirt-engine as shipped with Red Hat MRG 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.