** Changed in: horizon/juno
       Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1394370

Title:
  [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Dashboard (Horizon) icehouse series:
  Fix Released
Status in OpenStack Dashboard (Horizon) juno series:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  We have horizon deployed with mysql sessions. I believe this issue exists with all db backed sessions, and likely memcached too (but I am not sure).

  Every request to the login page is generating a new session record in the db. This is based upon this line of code:
  https://github.com/django/django/blob/master/django/contrib/sessions/backends/db.py#L41

  What happens is as soon as you access request.session['foo'] then you are going to get an entry in the db.

  I have placed some debugging code in a variety of locations where we are accessing the session store before we should be, which creates these records:

  https://github.com/openstack/horizon/blob/master/horizon/middleware.py#L94
  The check for the timeout should never occur if there is no authenticated user. So the check a few lines below needs to be moved higher.

  https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/utils.py#L50
  This check I am not sure how to work around. We are accessing the session, which creates records, just trying to keep track if a user is logged in or not. It seems like we are not using the django auth mechanisms correctly here, and I can't see if there is a workaround.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1394370/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
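The mechanism the report describes (a lazy, database-backed session that writes a row the first time any code touches it, so an unauthenticated hit on the login page leaves a record behind) and the fix it suggests (test for an authenticated user before reading the session) can be shown in a few lines. The following is an added example, not code from the bug reporter, Horizon, Django or django_openstack_auth: `LazyDbSession`, `SESSION_TABLE`, `Request` and the two timeout checks are constructed stand-ins that reproduce only the create-on-first-access behaviour, and the row counts they report are for this model, not for a real deployment.

```python
"""Constructed model of the session-creation problem in the report above.

Added example, not code from the bug reporter, Horizon or Django.
LazyDbSession is a simplified stand-in for a lazy, database-backed session
store: the first read or write through the session object loads it, and
when no cookie names an existing row a new row is written, even for an
anonymous request. The request object, the table and the two
middleware-style checks are likewise constructed for illustration.
"""
import time
from dataclasses import dataclass

# Constructed in-memory stand-in for the session table in the database.
SESSION_TABLE: dict[str, dict] = {}


class LazyDbSession:
    """Lazy session: nothing touches the table until a key is read or written."""

    def __init__(self, session_key=None):
        self.session_key = session_key
        self._data = None

    def _load(self):
        if self._data is None:
            row = SESSION_TABLE.get(self.session_key) if self.session_key else None
            if row is None:
                # No row for this key: create one now. This is the side effect
                # the report points at: any session access creates a record.
                self.session_key = f"sess-{len(SESSION_TABLE) + 1}"
                row = SESSION_TABLE[self.session_key] = {}
            self._data = row
        return self._data

    def get(self, key, default=None):
        return self._load().get(key, default)

    def __setitem__(self, key, value):
        self._load()[key] = value


@dataclass
class Request:
    """Constructed request: an authentication flag plus a lazy session."""
    authenticated: bool
    session: LazyDbSession


def vulnerable_timeout_check(request, timeout=3600):
    """Reads the session before asking whether anyone is logged in.

    For an anonymous request that read creates a throwaway row, so every
    hit on the login page grows the table by one.
    """
    last_activity = request.session.get("last_activity")
    if last_activity is not None and time.time() - last_activity > timeout:
        return "expired"
    if request.authenticated:
        request.session["last_activity"] = time.time()
    return "ok"


def hardened_timeout_check(request, timeout=3600):
    """Same logic, with the authentication test moved to the top.

    Anonymous requests return before the session is touched, so they
    create no rows; authenticated users still get their timeout tracked.
    """
    if not request.authenticated:
        return "ok"
    last_activity = request.session.get("last_activity")
    if last_activity is not None and time.time() - last_activity > timeout:
        return "expired"
    request.session["last_activity"] = time.time()
    return "ok"


def rows_created_by(handler, anonymous_requests=0, authenticated_requests=0):
    """Run the given requests through `handler` against an empty table and
    return how many session rows exist afterwards.

    Authenticated requests carry the session key back, as a cookie would,
    so a logged-in user should account for exactly one row.
    """
    SESSION_TABLE.clear()
    for _ in range(anonymous_requests):
        handler(Request(authenticated=False, session=LazyDbSession()))
    key = None
    for _ in range(authenticated_requests):
        req = Request(authenticated=True, session=LazyDbSession(key))
        handler(req)
        key = req.session.session_key
    return len(SESSION_TABLE)


if __name__ == "__main__":
    print("vulnerable, 50 anonymous hits:", rows_created_by(vulnerable_timeout_check, 50))
    print("hardened,   50 anonymous hits:", rows_created_by(hardened_timeout_check, 50))
    print("hardened,   5 logged-in hits: ", rows_created_by(hardened_timeout_check, 0, 5))
```

The useful check for an operator is the same one `rows_created_by` performs: count session rows before and after a burst of unauthenticated requests to the login page. A count that climbs with anonymous traffic means some code path reads the session before the authentication check, which is the ordering problem the report identifies.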