Re: CVE request -- virt-v2v: vnc password protection is missing after vm conversion

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> Hello Steve, vendors.
>
> Description:
> It was found that after virtual machine conversion using virt-v2v the
> target VM does not have VNC password enabled even though the source VM
> does.  An attacker able to connect to the target VM can possibly use this
> flaw to operate the VM with privileges of the logged in user.
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=702754
>
> Could you please allocate a CVE identifier for this issue?

Please use CVE-2011-1773

Thanks.

-- 
    JB