[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in lib
|
From: |
Neil Wilson |
|
Subject: |
[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt |
|
Date: |
Fri, 28 Jan 2011 17:58:08 -0000 |
Installed patched build onto Maverick server. vnc_listen set to 0.0.0.0
in /etc/libvirt/qemu.conf
Set vnc_password=""' with vnc_tls=1 in /etc/libvirt/qemu.conf and
confirmed that the lanched server now rejects authentication for any
password, whereas it turned off authentication and encryption completely
before.
Hashed out vnc_password and left vnc_tls=1 in /etc/libvirt/qemu.conf.
Confirmed that the server uses anonymous auth with TLS. Allows the user
on without a password. qemu-kvm launched with -vnc
0.0.0.0:0,tls,x509=/etc/pki/libvirt-vnc
Hashed out vnc_tls=1. Confirmed server allows direct access to VNC.
qemu-kvm launched with -vnc 0.0.0.0:0
Set vnc_password="". Confirmed server rejects authentication for any
password, with no encryption. Again previously it had just let the user
on. qemu-kvm launched with -vnc 0.0.0.0:0,password
set vnc_password="password". Confirmed server accepts authentication
with that password. qemu-kvm launched with -vnc 0.0.0.0:0,password
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
Status in libvirt virtualization API:
Unknown
Status in QEMU:
New
Status in qemu-kvm:
Unknown
Status in “libvirt” package in Ubuntu:
Invalid
Status in “qemu-kvm” package in Ubuntu:
Confirmed
Bug description:
The help in the /etc/libvirt/qemu.conf states
"To allow access without passwords, leave this commented out. An empty
string will still enable passwords, but be rejected by QEMU
effectively preventing any use of VNC."
yet setting:
vnc_password=""
allows access to the vnc console without any password prompt just as
if it is hashed out completely.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: libvirt-bin 0.8.3-1ubuntu14
ProcVersionSignature: Ubuntu 2.6.35-24.42-server 2.6.35.8
Uname: Linux 2.6.35-24-server x86_64
Architecture: amd64
Date: Tue Jan 4 12:18:35 2011
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64
(20100816.2)
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt,
Neil Wilson <=
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/01/28
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Anthony Liguori, 2011/01/31