[Openstack-security] Fwd: [Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Thierry Carrez thierry at openstack.org
Thu Dec 26 10:57:04 UTC 2013


Sriram Subramanian wrote:
> Anybody seen this? Can we follow up with him for more details?

We had several people report the same type of "breach" in the past. It
always boiled down to people misunderstanding the power of the "admin"
users (which by default are not that much restricted by tenant boundaries).

I would not be surprised if that was the case here. Especially if the
reporter can't reproduce it on a "fresh" setup (where he would set up
normal users).

-- 
Thierry Carrez (ttx)




More information about the Openstack-security mailing list