Difference between revisions of "OSSN/OSSN-0008"
Sriramhere (→Contacts / References)
Sriramhere (→Summary)
Revision as of 05:06, 19 December 2013
DoS style attack on noVNC server can lead to service interruption or disruption [WIP]
Summary
Currently, there is no limit on the number of VNC sessions that can be created for a single user's VNC token. This enables a DoS attack on the noVNC browser proxy by requesting multiple servers, which prevents subsequent access to the VM's VNC console.
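The missing control described above, as an added illustration that is not Nova or noVNC code: a per-token cap on concurrent console sessions, shown beside the unlimited behaviour. The class name, the limit of 3 and the token strings are hypothetical.

```python
import threading


class TokenSessionLimiter:
    """Tracks concurrent console sessions per VNC token (hypothetical helper)."""

    def __init__(self, max_sessions_per_token=None):
        # None reproduces the behaviour in the Summary: no limit at all.
        self.max_sessions = max_sessions_per_token
        self._active = {}
        self._lock = threading.Lock()

    def open_session(self, token):
        """Return True if the proxy may accept a new session for this token."""
        with self._lock:
            current = self._active.get(token, 0)
            if self.max_sessions is not None and current >= self.max_sessions:
                return False  # refuse instead of consuming proxy resources
            self._active[token] = current + 1
            return True

    def close_session(self, token):
        """Release a slot when the browser disconnects."""
        with self._lock:
            current = self._active.get(token, 0)
            if current <= 1:
                self._active.pop(token, None)
            else:
                self._active[token] = current - 1

    def active(self, token):
        """Number of sessions currently open for this token."""
        with self._lock:
            return self._active.get(token, 0)


def simulate(limiter, token, attempts):
    """Open `attempts` sessions with one token; return how many were accepted."""
    return sum(1 for _ in range(attempts) if limiter.open_session(token))


if __name__ == "__main__":
    # Constructed tokens; 500 attempts stands in for a flood of requests.
    print("no limit:", simulate(TokenSessionLimiter(), "tok-A", 500))
    print("limit 3 :", simulate(TokenSessionLimiter(3), "tok-A", 500))
```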
Affected Services / Software
Horizon, Nova, Grizzly
Discussion
Recommended Actions
Contacts / References
- This OSSN : https://bugs.launchpad.net/ossn/+bug/1227575
- Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1227575
- OpenStack Security ML : openstack-security@lists.openstack.org
- OpenStack Security Group : https://launchpad.net/~openstack-ossg