Cloud in the Crosshairs: Exposing Vulnerabilities Across Open-Source Cloud Platforms
Abstract
The security of open-source cloud platforms is paramount, given their widespread adoption in modern business operations. This study conducts a large-scale empirical security analysis of the web-based management interfaces of ten widely used open-source IaaS platforms. Using a black-box penetration testing methodology, we identified a total of 16 vulnerabilities spanning nine classes, including high-severity flaws that enable account takeover. Our findings, which culminated in the assignment of six new Common Vulnerabilities and Exposures (CVE) IDs, highlight a recurring pattern of security failures stemming from improper authentication, input validation, and server misconfigurations. In addition to a responsible vulnerability disclosure process, this work provides practical hardening recommendations to mitigate the identified weaknesses. By documenting these vulnerabilities and offering concrete mitigations, this research contributes to enhancing the security posture of cloud IaaS platforms and informs the development of more resilient web applications.