Reply to post: Setting authentication information over unauthenticated channels?!

You can hijack Google Cloud VMs using DHCP floods, says this guy, once the stars are aligned and...


Setting authentication information over unauthenticated channels?!

Who thought it would be a good idea to configure credentials over an unauthenticated connection on a shared network?

Why don't they just pass them through the hypervisor instead? Simply communicating over an emulated serial connection or an additional network containing just the VM and the hypervisor/metadata server?

Or they could simply change the necessary files on the template disk before booting it.

So many ways of doing this securely but instead they chose an unencrypted, unauthenticated communications channel, giving everyone on the same subnet root access to all other machines...


Biting the hand that feeds IT © 1998–2021