[Openstack-security] [Bug 1447679] Re: service No-VNC (port 6080) doesn't require authentication

OpenStack Infra 1447679 at bugs.launchpad.net
Tue Jul 21 19:11:19 UTC 2015 

** Changed in: nova
     Assignee: Tony Breeds (o-tony) => Michael Still (mikalstill)

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1447679

Title:
  service No-VNC (port 6080) doesn't require authentication

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Reported via private E-mail from Anass ANNOUR:

  I found that the service No-VNC (port 6080) doesn't require
  authentication, if you know the URL (ex:
  http://192.168.198.164:6080/vnc_auto.html?token=3640a3c8-ad10-45da-a523-18d3793ef8ec)
  you can access the machine from any other computer without any
  authentication before the token expires. (or in the same time as user
  still use the console)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1447679/+subscriptions

More information about the Openstack-security mailing list