Published: 26 February 2013
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Launchpad, Ubuntu, Debian
Upstream: https://review.openstack.org/#/c/22086/ (grizzly)
Upstream: https://review.openstack.org/#/c/22758 (folsom)
Upstream: https://review.openstack.org/#/c/22872/ (essex)
Upstream: https://review.openstack.org/#/c/23036/ (essex testsuite fix)
on 11.10, VNC consoles are only available via the web interface, but the web interface (horizon) is not functional since it depends on keystone and the keystone in 11.10 is a pre-release version and unusable with other components like horizon and nova.