[Bug 697197] Re: Empty password allows access to VNC in libvirt
Neil Wilson
neil at aldur.co.uk
Fri Jan 28 17:58:08 UTC 2011
Installed patched build onto Maverick server. vnc_listen set to 0.0.0.0
in /etc/libvirt/qemu.conf
Set vnc_password=""' with vnc_tls=1 in /etc/libvirt/qemu.conf and
confirmed that the lanched server now rejects authentication for any
password, whereas it turned off authentication and encryption completely
before.
Hashed out vnc_password and left vnc_tls=1 in /etc/libvirt/qemu.conf.
Confirmed that the server uses anonymous auth with TLS. Allows the user
on without a password. qemu-kvm launched with -vnc
0.0.0.0:0,tls,x509=/etc/pki/libvirt-vnc
Hashed out vnc_tls=1. Confirmed server allows direct access to VNC.
qemu-kvm launched with -vnc 0.0.0.0:0
Set vnc_password="". Confirmed server rejects authentication for any
password, with no encryption. Again previously it had just let the user
on. qemu-kvm launched with -vnc 0.0.0.0:0,password
set vnc_password="password". Confirmed server accepts authentication
with that password. qemu-kvm launched with -vnc 0.0.0.0:0,password
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in ubuntu.
https://bugs.launchpad.net/bugs/697197
Title:
Empty password allows access to VNC in libvirt
More information about the Ubuntu-server-bugs
mailing list