Comment 12 for bug 1394370

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote : Re: horizon login page is vulnerable to DOS attack

Thanks David for confirming the bug on Horizon project!

Now for the OSSA part, should we keep this under embargo and does this qualify as a DOS attack vector ?

Considering there is no amplification and that one connection results in one database entry I would triage this as class D bug (according to our new taxonomy described here: https://wiki.openstack.org/wiki/Vulnerability_Management#Incident_report_taxonomy )...

Thought ?