possible auth bypass
Bug #1571491 reported by
Michael Vogt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snappy |
Fix Released
|
Undecided
|
Unassigned | ||
| snapd (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
| Xenial |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
The snapd authentication can by bypassed by sending invalid auth: headers and logout is not revmoing the local authentication data.
Regression potential: worst case is that snap authentication no longer works which is preferable to an auth bypass.
| Changed in snapd (Ubuntu Xenial): | |
| importance: | Undecided → Critical |
| status: | New → In Progress |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in snapd (Ubuntu Xenial): | |
| status: | In Progress → Fix Released |
| Changed in snappy: | |
| status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package snapd - 2.0.1
---------------
snapd (2.0.1) xenial; urgency=medium
* client,
- fix incorrect authenication check (LP: #1571491)
-- Michael Vogt <email address hidden> Mon, 18 Apr 2016 07:24:33 +0200