noVNC Open Redirect Vulnerability CVE-2021-3654 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

noVNC Open Redirect Vulnerability CVE-2021-3654 Scanner Detail

There is an open redirect vulnerability in noVNC.

Nova's noVNC proxying implementation which exposed access to a well-known redirect behavior in the Python standard library's http.server.SimpleHTTPRequestHandler and thus noVNC's WebSockifyRequestHandler which uses it. By convincing a user to follow a specially-crafted novncproxy URL, the user could be redirected to an unrelated site under control of the attacker in an attempt to convince them to divulge credentials or other sensitive data. All Nova deployments with novncproxy enabled are affected.

Some Advice for Common Problems

You should apply related fixes.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service