Comment 25 for bug 1227575

CloudDon (sriramhere) wrote :

Please review and comment on the OSSN published for this: https://wiki.openstack.org/wiki/OSSN/1227575. Content reproduced below. I wanted to know whether links to some rate-limiting frameworks such as Repose would help. Not sure if we can link third-party tools in OSSNs.
==================================================================================

DoS-style attack on noVNC server can lead to service interruption or disruption

=== Summary ===

Currently, there is no limit on the number of VNC sessions that can be created for a single user's VNC token, which enables one to cause a DoS attack on the noVNC browser proxy by making multiple connection requests. This prevents subsequent access to the VM's VNC console.

=== Affected Services / Software ===
Horizon (VNC Console through browser), Nova (NoVNC proxy), Grizzly

=== Discussion ===
NoVNC Proxy is explained well here.

Once a user gets a token to access a VM's VNC console, there is no restriction on the number of times the user can try connecting to the VNC console using the same token. If multiple connection requests are made, any subsequent request could time out. This could impact users already connected to VNC sessions, or other users trying to make a new connection. This could also impact the overall responsiveness of other nova services running on the novnc host.

Thus, a user could make the NoVNC proxy endpoint unresponsive or unreachable, thereby resulting in a DoS attack. However, it is to be noted that there is no amplification effect.

=== Recommended Actions ===
For current stable releases (Grizzly), users need to work around this vulnerability by using rate-limiting proxies to cover access to NoVNC hosts. Rate-limiting is a common mechanism to prevent DoS/brute-force attacks. You can find more discussion on rate-limiting around OpenStack Networking best practices here.

=== Contacts / References ===
This OSSN : https://bugs.launchpad.net/ossn/+bug/1227575
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1227575
OpenStack Security ML : <email address hidden>
OpenStack Security Group : https://launchpad.net/~openstack-ossg
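The two controls the draft OSSN above is about, a cap on concurrent sessions per VNC token and a rate limit on connection attempts from one client, shown as an added example. This is illustrative code written for this thread, not Nova's novncproxy code and not the Repose or any other rate-limiting framework; the class name `VncSessionLimiter`, the thresholds, the token strings and the client IPs (from RFC 5737 documentation ranges) are all assumptions made for the demonstration. The flood simulation at the bottom mirrors the scenario in the Discussion section: one client re-using one token to open connections until everything after the first few is refused, while a different user with a different token still gets through.

```python
import collections
import threading
import time


class VncSessionLimiter:
    """Hypothetical admission control for a noVNC-style proxy (example only).

    Two independent limits are enforced on every connection attempt:
      * at most `max_sessions_per_token` live sessions per VNC token, and
      * at most `max_rate_per_ip` attempts per client IP within `per_seconds`.
    Every attempt, accepted or not, counts toward the per-IP rate, so a client
    hammering one token is eventually refused before the token is even looked at.
    """

    def __init__(self, max_sessions_per_token=2, max_rate_per_ip=5,
                 per_seconds=60.0, clock=time.monotonic):
        self._lock = threading.Lock()          # proxies accept concurrently
        self._clock = clock                    # injectable for deterministic tests
        self._max_sessions = max_sessions_per_token
        self._max_rate = max_rate_per_ip
        self._window = per_seconds
        self._active = collections.Counter()   # token -> number of live sessions
        self._attempts = collections.defaultdict(collections.deque)  # ip -> timestamps

    def try_open(self, token, client_ip):
        """Return (accepted, reason). Call close() when an accepted session ends."""
        now = self._clock()
        with self._lock:
            window = self._attempts[client_ip]
            while window and now - window[0] >= self._window:   # expire old attempts
                window.popleft()
            if len(window) >= self._max_rate:
                return False, "rate limit: too many connection attempts from %s" % client_ip
            window.append(now)
            live = self._active[token]
            if live >= self._max_sessions:
                return False, "session limit: token already has %d open sessions" % live
            self._active[token] = live + 1
            return True, "ok"

    def close(self, token):
        """Release one session slot for `token` (no-op if none are open)."""
        with self._lock:
            if self._active[token] > 0:
                self._active[token] -= 1
            if self._active[token] == 0:
                del self._active[token]


def simulate_flood(attempts=20):
    """Constructed scenario: one client re-uses one token `attempts` times.

    Returns (outcome_counts, legit_user_accepted, attacker_accepted_after_window,
    attacker_reason_after_window) so the effect of each limit is visible.
    """
    fake_now = [0.0]                            # controllable clock for the example
    limiter = VncSessionLimiter(max_sessions_per_token=2, max_rate_per_ip=5,
                                per_seconds=60.0, clock=lambda: fake_now[0])
    outcome = collections.Counter()
    for _ in range(attempts):
        ok, reason = limiter.try_open("attacker-token", "198.51.100.7")
        outcome["accepted" if ok else reason.split(":")[0]] += 1

    # An unrelated user with their own token and source address is unaffected.
    legit_ok, _ = limiter.try_open("victim-token", "203.0.113.9")

    # After the rate window expires the attacker may try again, but the
    # per-token session cap still holds because their two sessions are open.
    fake_now[0] += 61.0
    ok_after, reason_after = limiter.try_open("attacker-token", "198.51.100.7")
    return dict(outcome), legit_ok, ok_after, reason_after.split(":")[0]


if __name__ == "__main__":
    counts, legit, later_ok, later_reason = simulate_flood()
    print("attacker attempts:", counts)
    print("legitimate user accepted:", legit)
    print("attacker after window expired:", later_ok, "(%s)" % later_reason)
```

With these thresholds the first two attempts succeed, the next three are refused by the per-token cap, and the remaining fifteen never reach the token check because the per-IP rate limit refuses them; the legitimate user is still admitted. In a real deployment the same two checks would sit in the proxy's accept path (or in a reverse proxy in front of it), with `close()` wired to the WebSocket's disconnect, and the per-IP limit should key on the real client address rather than the address of an upstream load balancer.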