[Openstack] Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!

Jay Pipes jaypipes at gmail.com
Mon Dec 23 13:16:19 UTC 2013


On 12/22/2013 12:37 PM, Martinx - ジェームズ wrote:
> Stackers!
>
> I need a bit of help here...
>
> My OpenStack Havana (Ubuntu 12.04.3) was working smoothly and, I don't
> know what had happened here but, now, I'm seeing some weird problems.
>
> Right now, the "Tenant A" is seeing the VNC Consoles of "Tenant B" !!!
>
> How is that even possible?! Is there no authentication here to deal with
> this kind of thing!? I'm really worried about this.
>
> Look:
>
> "Tenant A" Instances:
>
> Inline images 1
>
>
> "Tenant A" accessing the VNC Console of a "Tenant B" Instance!!!
>
> Inline images 2
>
>
> This is a very serious problem, since I'm giving "Tenant A"
> almost total access to "Tenant B" Instances!! This kind of situation
> should NEVER occur!
>
> What can I do to completely block this?
>
> I just started a new Instance for "Tenant A", and I'm seeing ANOTHER VNC
> Console from "Tenant B"!!

Thiago, yes, this is indeed a major security breach. If you have not 
already, please create a bug in Launchpad with your image attachments 
and a description to reproduce the bug if you can. Please mark the bug 
as a security/private bug.

Thank you!
-jay




