[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Martinx - ジェームズ thiagocmartinsc at gmail.com
Sun Dec 22 17:37:02 UTC 2013


Stackers!

I need a bit help here...

My OpenStack Havana (Ubuntu 12.04.3) was working smoothly and, I don't know
what had happened here but, now, I'm seeing some weird problems.

Right now, the "Tenant A" is seeing the VNC Consoles of "Tenant B" !!!

How is that even possible?! There is no authentication here to deal with
this kind of things!? I'm really worried about this.

Look:

"Tenant A" Instances:

[image: Inline images 1]


"Tenant A" accessing the VNC Console of a "Tenant B" Instance!!!

[image: Inline images 2]


This is a very serious problem, since I'm giving to the "Tenant A", almost
total access to "Tenant B" Instances!! This kind of situation should NEVER
occur!

What can I do to completely block this?

I just started a new Instance for "Tenant A", and I'm seeing ANOTHER VNC
Console from "Tenant B"!!

Regards,
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131222/ba75a2bb/attachment.html>


More information about the Openstack mailing list