OSSN/OSSN-0008
DoS style attack on noVNC server can lead to service interruption or disruption [WIP]
Summary
Currently, there is no limit on the number of VNC sessions that can be created for a single user's VNC token. This makes it possible to cause a DoS attack on the noVNC browser proxy by requesting multiple servers, which prevents subsequent access to the VM's VNC console.
Affected Services / Software
Horizon, Nova, Grizzly
Discussion
Recommended Actions
Contacts / References
- This OSSN : https://bugs.launchpad.net/ossn/+bug/1227575
- Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1227575
- OpenStack Security ML : openstack-security@lists.openstack.org
- OpenStack Security Group : https://launchpad.net/~openstack-ossg