On 12/22/2013 12:37 PM, Martinx - ジェームズ wrote:
Stackers!
I need a bit help here...
My OpenStack Havana (Ubuntu 12.04.3) was working smoothly and, I don't
know what had happened here but, now, I'm seeing some weird problems.
Right now, the "Tenant A" is seeing the VNC Consoles of "Tenant B" !!!
How is that even possible?! There is no authentication here to deal with
this kind of things!? I'm really worried about this.
Look:
"Tenant A" Instances:
Inline images 1
"Tenant A" accessing the VNC Console of a "Tenant B" Instance!!!
Inline images 2
This is a very serious problem, since I'm giving to the "Tenant A",
almost total access to "Tenant B" Instances!! This kind of situation
should NEVER occur!
What can I do to completely block this?
I just started a new Instance for "Tenant A", and I'm seeing ANOTHER VNC
Console from "Tenant B"!!
Thiago, yes, this is indeed a major security breach. If you have not
already, please create a bug in Launchpad with your image attachments
and a description to reproduce the bug if you can. Please mark the bug
as a security/private bug.
Thank you!
-jay
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
