noVNC Open Redirect Vulnerability CVE-2021-3654 Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


noVNC Open Redirect Vulnerability CVE-2021-3654 Scanner Detail

There is an open redirect vulnerability in noVNC.

Nova's noVNC proxying implementation which exposed access to a well-known redirect behavior in the Python standard library's http.server.SimpleHTTPRequestHandler and thus noVNC's WebSockifyRequestHandler which uses it. By convincing a user to follow a specially-crafted novncproxy URL, the user could be redirected to an unrelated site under control of the attacker in an attempt to convince them to divulge credentials or other sensitive data. All Nova deployments with novncproxy enabled are affected.

Some Advice for Common Problems

You should apply related fixes.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service