** Changed in: nova
     Assignee: Michael Still (mikalstill) => (unassigned)
** Changed in: nova
       Status: In Progress => Confirmed
https://bugs.launchpad.net/bugs/1447679
Title:
  service No-VNC (port 6080) doesn't require authentication
Status in OpenStack Compute (nova):
  Confirmed
Status in OpenStack Security Advisory:
  Won't Fix
Bug description:
  Reported via private E-mail from Anass ANNOUR:
  I found that the service No-VNC (port 6080) doesn't require
  authentication. If you know the URL (ex:
  http://192.168.198.164:6080/vnc_auto.html?token=3640a3c8-ad10-45da-a523-18d3793ef8ec)
  you can access the machine from any other computer without any
  authentication before the token expires (or at the same time as the
  user is still using the console).