Comment 25 for bug 1927677

Shahaan Ayyub (shahaan) wrote : Re: [Bug 1927677] Re: novnc allowing open direction which could potentially be used for phishing

Thanks Nick,
  We are part of the Monash University Nectar Cloud team. Please feel free
to put us as reporters.

Swe Aung
Shahaan Ayyub

Regards,
Shahaan

On Sat, 24 Jul 2021 at 09:25, Nick Tait <email address hidden> wrote:

> Red Hat will be assigning a CVE for this. Sirswa, would you like to be
> credited as the reporter? What name should we put down? Do you represent
> an organization?
>
> https://bugs.launchpad.net/bugs/1927677
>
> Title:
> novnc allowing open direction which could potentially be used for
> phishing
>
> Status in OpenStack Compute (nova):
> Fix Released
> Status in OpenStack Compute (nova) train series:
> In Progress
> Status in OpenStack Compute (nova) ussuri series:
> In Progress
> Status in OpenStack Compute (nova) victoria series:
> In Progress
> Status in OpenStack Compute (nova) wallaby series:
> Fix Released
> Status in OpenStack Security Advisory:
> Incomplete
>
> Bug description:
> This bug report is related to Security.
>
> Currently novnc is allowing open redirection, which could potentially be
> used for phishing attempts.
>
> To test:
> https://<sites' vnc domain>//example.com/%2F..
> include .. at the end
>
> For example:
> http://vncproxy.my.domain.com//example.com/%2F..
>
> It will redirect to example.com. You can replace example.com with some
> legitimate domain or spoofed domain.
>
> The description of the risk is:
> By modifying untrusted URL input to a malicious site, an attacker may
> successfully launch a phishing scam and steal user credentials.
> Because the server name in the modified link is identical to the
> original site, phishing attempts may have a more trustworthy appearance.
>
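The redirect mechanism in the quoted bug report, modelled in Python as an added example (this is not nova's or noVNC's code): `stock_directory_redirect` reproduces the directory-redirect step of Python's `SimpleHTTPRequestHandler`, on which websockify-based console proxies build, `hardened_directory_redirect` adds the off-origin check a fix needs, and `browser_destination` shows where a browser lands. The function names and the proxy base URL are assumptions.

```python
import posixpath
from http import HTTPStatus
from urllib.parse import unquote, urljoin, urlsplit, urlunsplit


def stock_directory_redirect(request_path):
    """Model the directory redirect of Python's SimpleHTTPRequestHandler.

    Hypothetical helper, not nova's or noVNC's code. translate_path()
    percent-decodes and normalises the path; when the result names the
    served root directory and the raw request path has no trailing slash,
    send_head() answers 301 with the raw path re-assembled plus "/".
    Returns (status, location), or (None, None) when no redirect happens.
    """
    bare = request_path.split('?', 1)[0].split('#', 1)[0]
    fs_path = posixpath.normpath(unquote(bare))
    # "//example.com//.." normalises to "//", i.e. the served root, because
    # the ".." consumes the "example.com" segment (the %2F keeps a browser
    # from collapsing that ".." before the request is ever sent).
    names_root = not [w for w in fs_path.split('/') if w not in ('', '.', '..')]
    if not names_root:
        return None, None  # a file or a 404, modelled as "no redirect"
    parts = urlsplit(request_path)  # "//host/..." is parsed as netloc=host
    if parts.path.endswith('/'):
        return None, None  # directory listing, no redirect
    location = urlunsplit(parts._replace(path=parts.path + '/'))
    return HTTPStatus.MOVED_PERMANENTLY, location


def hardened_directory_redirect(request_path):
    """Same step with the check a fix needs: never redirect off-origin.

    Browsers resolve a Location of "//host/..." as a scheme-relative
    absolute URL, so any target carrying a scheme or host is refused.
    """
    status, location = stock_directory_redirect(request_path)
    if location is not None:
        target = urlsplit(location)
        if target.scheme or target.netloc:
            return HTTPStatus.BAD_REQUEST, None
    return status, location


def browser_destination(proxy_base, location):
    """Where a browser lands after following the Location header."""
    return urljoin(proxy_base, location)
```

Feeding the report's test path through `stock_directory_redirect` yields `Location: //example.com/%2F../`, which the browser resolves to example.com; the hardened variant answers 400 instead while an ordinary path such as `/vnc_auto.html` is unaffected.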