Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
A vulnerability has been identified in the SUSE Virtualization (Harvester) Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-middle (MitM) attack against SUSE Virtualization. An attacker with network-level access between the SUSE Virtualization and Rancher Manager could interfere with the TLS handshake and abuse it to bypass …