[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1447679] Related fix merged to nova-specs (master)

Submitter: Zuul
Branch:    master

commit 33a13a1aabee9d89a88c3b7e3e18244b2bd6a0c1
Author: pandatt <guojy8993 at>
Date:   Thu Dec 6 10:31:58 2018 +0800

    Proposal for a safer remote console with password authentication
    The feature aims at providing a safer remote console with password
    authentication. End users can set console password for their instances.
    Any user trying to access the password-encrypted console of instance
    will get a locked window from web console prompting for ``password``
    input, and this provides almost the same experience as using VNC clients
    (e.g vncviewer) to access vnc servers that require password
    Blueprint: nova-support-webvnc-with-password-anthentication
    Related-bug: #1447679
    Change-Id: I8416ceb88b9e9e6498a81c678944bc5d96700fc3

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  service No-VNC (port 6080) doesn't require authentication

Status in OpenStack Compute (nova):
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Reported via private E-mail from Anass ANNOUR:

  I found that the service No-VNC (port 6080) doesn't require
  authentication, if you know the URL (ex:
  you can access the machine from any other computer without any
  authentication before the token expires. (or in the same time as user
  still use the console)

To manage notifications about this bug go to: