yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1927677] Re: novnc allowing open direction which could potentially be used for phishing

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: melanie witt <1927677@xxxxxxxxxxxxxxxxxx>
Date: Fri, 14 May 2021 14:48:32 -0000
Reply-to: Bug 1927677 <1927677@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: nova/train
Importance: Undecided
Status: New

** Also affects: nova/ussuri
Importance: Undecided
Status: New

** Also affects: nova/wallaby
Importance: Undecided
Status: New

** Also affects: nova/victoria
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1927677

Title:
novnc allowing open direction which could potentially be used for
phishing

Status in OpenStack Compute (nova):
In Progress
Status in OpenStack Compute (nova) train series:
New
Status in OpenStack Compute (nova) ussuri series:
New
Status in OpenStack Compute (nova) victoria series:
New
Status in OpenStack Compute (nova) wallaby series:
New
Status in OpenStack Security Advisory:
Incomplete

Bug description:
This bug report is related to Security.

Currently novnc is allowing open direction, which could potentially be
used for phishing attempts

To test.
https://<sites' vnc domain>//example.com/%2F..
include .. at the end

For example:
http://vncproxy.my.domain.com//example.com/%2F..

It will redirect to example.com. You can replace example.com with some
legitimate domain or spoofed domain.

The description of the risk is
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1927677/+subscriptions