Comment 5 for bug 1651679

Bernhard M. Wiedemann (ubuntubmw) wrote : Re: [Bug 1651679] Re: horizon auth switch redir DoS

On 2017-03-20 15:30, Jeremy Stanley wrote:
> Based on the description, it sounds like an unauthenticated actor can
> (through some manner of social engineering) compel an authenticated user
> to generate load on the server, but by design any authenticated
> malicious user could do this anyway even without the described bug?

Embedding an img or iframe URL on a website someone visits (e.g. through
advertisement networks) is not that far-fetched and does not even need
social engineering.

And yes, authenticated users could do load themselves,
but it might be a private cloud behind a corporate firewall, so
generating load on those from outside the firewall is still some extra
power.