This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Bug 1961337 - novnc allowing open direction which could potentially be used for phishing
Summary: novnc allowing open direction which could potentially be used for phishing
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 18.0 (Zed)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ga
: ---
Assignee: melanie witt
QA Contact: OSP DFG:Compute
URL:
Whiteboard:
Depends On:
Blocks: 1961346 1961351 1968760
TreeView+ depends on / blocked
 
Reported: 2021-05-17 17:58 UTC by melanie witt
Modified: 2024-01-11 14:54 UTC (History)
8 users (show)

Fixed In Version: openstack-nova-27.1.1-18.0.20230930093334.a869ab1.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1961346 1968760 (view as bug list)
Environment:
Last Closed: 2024-01-11 14:52:05 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1927677 0 None None None 2021-05-17 17:58:47 UTC
OpenStack gerrit 791297 0 None MERGED Reject open redirection in the console proxy 2021-05-17 17:58:47 UTC
Red Hat Issue Tracker OSP-31142 0 None None None 2024-01-11 14:54:12 UTC
Red Hat Issue Tracker   OSP-3981 0 None None None 2024-01-11 14:52:04 UTC

Description melanie witt 2021-05-17 17:58:48 UTC 
Copied from the upstream bug [1]:

"This bug report is related to Security.

Currently novnc is allowing open direction, which could potentially be used for phishing attempts

To test.
https://<sites' vnc domain>//example.com/%2F..
include .. at the end

For example:
http://vncproxy.my.domain.com//example.com/%2F..

It will redirect to example.com. You can replace example.com with some legitimate domain or spoofed domain.

The description of the risk is
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance."

[1] https://bugs.launchpad.net/nova/+bug/1927677
Note You need to log in before you can comment on or make changes to this bug.