[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1828207] Re: Request to add something like "Auth faile
From: |
Daniel Berrange |
Subject: |
[Qemu-devel] [Bug 1828207] Re: Request to add something like "Auth failed from IP" log report for built-in VNC server |
Date: |
Wed, 08 May 2019 13:42:42 -0000 |
The challenge is that this is the only auth scheme defined by the VNC protocol,
aside from no-auth.
If we removed it, we'd no longer be compatible with the standard VNC protocol.
We'd be making use of the TLS/SASL extensions mandatory if users want auth.
This could ultimately push people to turn off auth altogether which is even
worse.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1828207
Title:
Request to add something like "Auth failed from IP" log report for
built-in VNC server
Status in QEMU:
New
Bug description:
In environment with needs of public accessible VNC ports there is no logs or
other registered events about authentication failures to analyze and/or
integrate it to automated services like fail2ban ans so on.
Thus the built-in VNC service is vulnerable to brutforce attacks and in
combination with weak built-in VNC-auth scheme can be a security vulnerability.
Adding a simple log record like "QEMU VNC Authentication failed
192.168.0.5:5902 - 123.45.67.89:7898" will permit to quickly integrate
it to fail2ban system.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1828207/+subscriptions