OpenStack Security Advisory

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1394370
Comment #57

Comment 57 for bug 1394370

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-09: Fix merged to horizon (stable/juno)

#57

Reviewed: https://review.openstack.org/140358
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=e8a66a4d92ae259a5ef004cafad1809942c66596
Submitter: Jenkins
Branch: stable/juno

commit e8a66a4d92ae259a5ef004cafad1809942c66596
Author: eric <email address hidden>
Date: Thu Nov 20 08:49:09 2014 -0700

Horizon login page contains DOS attack mechanism

    the horizon login page (really the middleware) accesses the session
    too early in the login process, which will create session records
    in the session backend. This is especially problematic when non-cookie
    backends are used.

Change-Id: I9d2c40403fb9b0cfb512f2ff45397cbe0b050c71
Closes-Bug: 1394370