VNC Server Unauthenticated Access
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Compute (nova) | Invalid | Undecided | Unassigned | |
Bug Description
When nova boots a server with VNC enabled, it does not require authentication if an attacker tries to connect to the remote host directly from the management network. The VNC server sometimes sends the connected user to the XDM login screen.
A warning from Nessus report:
VNC Server Unauthenticated Access
Synopsis
The remote VNC server does not require authentication.
Description
The VNC server installed on the remote host allows an attacker to connect to the remote host as no authentication is required to access this service.
The VNC server sometimes sends the connected user to the XDM login screen. Unfortunately, Nessus cannot identify this situation. In such a case, it is not possible to go further without valid credentials and this alert may be ignored.
Solution
Disable the No Authentication security type.
You mean the VNC server(s) that are created on the compute hosts for their instances? Those are not supposed to be publicly accessible. Access to those is done via the consoles API [1], which provides an authentication token to the client. The client then connects to the publicly-facing console proxy [2], which verifies the token and proxies the connection to the compute host. When using this mechanism, the VNC server itself does not need authentication.
[1] https://docs.openstack.org/api-ref/compute/?expanded=get-vnc-console-os-getvncconsole-action-deprecated-detail,show-console-connection-information-detail#server-consoles
[2] https://docs.openstack.org/nova/latest/admin/remote-console-access.html
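The token-mediated flow described in the reply above, as an added Python model (this is illustration code, not nova's own implementation): the shared token store, the 600-second TTL, single-use consumption of tokens and the proxy URL shape are all assumptions. It shows why the compute host's VNC endpoint can stay unauthenticated only as long as the proxy is the sole party that can reach it.

```python
import secrets
import time

# Assumed token lifetime for this model; the real option name and default
# are not taken from the page.
TOKEN_TTL_SECONDS = 600


class ConsolesAPI:
    """Stands in for the consoles API [1]: hands the client a token, never
    the compute host's VNC address."""

    def __init__(self, token_store):
        self.token_store = token_store  # shared with the proxy (constructed)

    def get_vnc_console(self, instance, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.token_store[token] = {
            "host": instance["vnc_host"],  # management-network address
            "port": instance["vnc_port"],
            "expires": now + TOKEN_TTL_SECONDS,
        }
        # Constructed proxy URL; only the token travels to the user.
        return {"type": "novnc", "url": f"https://proxy.example/vnc_auto.html?token={token}"}


class ConsoleProxy:
    """Stands in for the public console proxy [2]: the only party that
    opens a connection to the compute host's VNC port."""

    def __init__(self, token_store):
        self.token_store = token_store

    def authorize(self, token, now=None):
        """Return (host, port) for a valid, unexpired token, else None."""
        now = time.time() if now is None else now
        info = self.token_store.pop(token, None)  # single use in this model
        if info is None or now > info["expires"]:
            return None
        return (info["host"], info["port"])


def demo(now=1_700_000_000):
    """Walk the flow once: fresh token resolves; replayed, expired and guessed tokens do not."""
    store = {}
    api, proxy = ConsolesAPI(store), ConsoleProxy(store)
    instance = {"vnc_host": "10.0.0.5", "vnc_port": 5900}  # constructed
    fresh = api.get_vnc_console(instance, now=now)["url"].split("token=", 1)[1]
    stale = api.get_vnc_console(instance, now=now)["url"].split("token=", 1)[1]
    return {
        "valid": proxy.authorize(fresh, now=now),
        "replay": proxy.authorize(fresh, now=now),
        "expired": proxy.authorize(stale, now=now + TOKEN_TTL_SECONDS + 1),
        "guessed": proxy.authorize("not-a-real-token", now=now),
    }
```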