virt-v2v is vulnerable to authorization bypass. The vulnerability exists as using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted guest’s VNC console. Now, converted guests will require the same VNC console password as the original guest. Note that when converting a guest to run on Red Hat Enterprise Virtualization, virt-v2v will display a warning that VNC passwords are not supported.
rhn.redhat.com/errata/RHSA-2011-1615.html
secunia.com/advisories/47086
www.osvdb.org/77558
access.redhat.com/errata/RHSA-2011:1615
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=702754
git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1