You mean the VNC server(s) that are created on the compute hosts for their instances? Those are not supposed to be publicly accessible. Access to those is done via the consoles API [1] which provides an authentication token to the client. The client then connects to the publicly-facing console proxy [2], which verifies the token, and proxies the connection to the compute host. When using this mechanism, the VNC server itself does not need authentication.

[1] https://docs.openstack.org/api-ref/compute/?expanded=get-vnc-console-os-getvncconsole-action-deprecated-detail,show-console-connection-information-detail#server-consoles
[2] https://docs.openstack.org/nova/latest/admin/remote-console-access.html

** Changed in: nova
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1840869

Title:
  VNC Server Unauthenticated Access

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  When nova boots a server with VNC enabled, it does not require
  authentication if an attacker tries to connect to the remote host
  directly from management network. The VNC server sometimes sends the
  connected user to the XDM login screen.

  A warning from Nessus report:

  VNC Server Unauthenticated Access

  Synopsis
  The remote VNC server does not require authentication.

  Description
  The VNC server installed on the remote host allows an attacker to
  connect to the remote host as no authentication is required to access
  this service.

  The VNC server sometimes sends the connected user to the XDM login
  screen. Unfortunately, Nessus cannot identify this situation. In such
  a case, it is not possible to go further without valid credentials
  and this alert may be ignored.

  Solution
  Disable the No Authentication security type.
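
Added example, not part of the original bug thread or of nova's own code: since the reply relies on the instance VNC servers being reachable only through the console proxy, this sketch audits the [vnc] section of a compute host's nova.conf for a listen address that would expose them more widely. The option names are nova's; the sample file, the management CIDR, the finding codes and the defaults used when an option is unset are assumptions.

```python
import configparser
import ipaddress

# Constructed nova.conf fragment for a compute host (sample values only).
SAMPLE_NOVA_CONF = """
[DEFAULT]
my_ip = 10.20.0.15

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
"""

def audit_vnc_listen(conf_text, mgmt_cidr):
    """Return finding codes for the address the instance VNC servers bind to."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    vnc = cp["vnc"] if cp.has_section("vnc") else {}
    # Assumed defaults when unset: enabled = true, server_listen = 127.0.0.1.
    if vnc.get("enabled", "true").strip().lower() in ("false", "0", "no", "off"):
        return []
    listen = vnc.get("server_listen", "127.0.0.1").strip()
    if listen.startswith("$"):
        # oslo.config style reference such as $my_ip, resolved from [DEFAULT].
        listen = cp.defaults().get(listen[1:], listen)
    try:
        addr = ipaddress.ip_address(listen)
    except ValueError:
        return ["unresolved-listen-address:" + listen]
    if addr.is_unspecified:
        # 0.0.0.0 or :: binds every interface, including any public one.
        return ["wildcard-listen"]
    if addr.is_loopback or addr in ipaddress.ip_network(mgmt_cidr):
        return []
    return ["listen-outside-management-network:" + listen]

if __name__ == "__main__":
    for finding in audit_vnc_listen(SAMPLE_NOVA_CONF, "10.20.0.0/24"):
        print("FINDING:", finding)
```

A wildcard finding is only a prompt to confirm, with host firewall rules or interface layout, that the VNC ports are reachable from the console proxy alone.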

