The metadata API method to turn off PXE booting for a node is accessible without authentication.

Bug #1015559 reported by Raphaël Badin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
MAAS | Won't Fix | Low | Unassigned |

Bug Description

This permits a denial of service attack but it's not clear how we should fix this at the moment. That flaw existed in Cobbler as well. We will first achieve feature parity with Cobbler before addressing that problem.

Tags: security
Gavin Panella (allenap)
description: updated
Julian Edwards (julian-edwards) wrote : Re: [Bug 1015559] Re: The metadata API method to turn off PXE booting for a node is accessible without authentication.

For now, we might rely on the fact that this sort of stuff is most likely to
be on a trusted management network only. At the risk of assuming too much
good about Cobbler, I suspect that's the rationale for its way of doing it.

Changed in maas:
status: Triaged → Won't Fix
This report contains Public information  
Everyone can see this information.
