no validation of target name in gss_init_sec_context

Bug #1444045 reported by Sam Hartman
Affects | Status | Importance | Assigned to | Milestone
GSS-API Web | Fix Released | Critical | Mark Donnelly |

Bug Description

As discussed, an attacker can impersonate a user if the attacker can control the target name in gss_init_sec_context.
It's important that we validate the form of this name.
This validation needs to:

* Be done in browser-independent code (preferably JavaScript, although there are ways of doing this in C++)
* be done in a manner that allows us to easily add new name forms in the future
* be done in a manner that allows us to add new validations of other function inputs in the future
* be done in trusted code
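
One way to meet the four requirements above, as an added example that is not part of the bug report or gssweb's code: a table of name-form checkers and a table of per-function input checks, each extended by adding an entry. The names `NAME_FORMS`, `INPUT_CHECKS`, `validateCall` and `ctx.originHost` are hypothetical, and the policy (only `service@host` names whose host equals the calling page's hostname, as reported by trusted code) is an assumption, not something the report specifies.

```javascript
// Added example, not gssweb's code. All names below are hypothetical.
// Assumed policy: only "service@host" names are accepted, and host must
// equal the hostname of the page that made the request. ctx.originHost is
// assumed to be filled in by trusted code, never by the calling page.

// One entry per name form; a new form is added by adding a function here.
// Each checker returns null when the name is acceptable, or a reason string.
const NAME_FORMS = {
  hostbased(name, ctx) {
    const m = /^([A-Za-z][A-Za-z0-9_-]*)@([A-Za-z0-9.-]+)$/.exec(name);
    if (!m) return "not of the form service@host";
    if (m[2].toLowerCase() !== ctx.originHost.toLowerCase()) {
      return "host does not match the calling origin";
    }
    return null;
  },
};

// One entry per function, one checker per input; new input checks go here.
const INPUT_CHECKS = {
  gss_init_sec_context: {
    target_name(value, ctx) {
      if (typeof value !== "string") return "must be a string";
      const results = Object.entries(NAME_FORMS).map(
        ([form, check]) => ({ form, reason: check(value, ctx) }));
      // Accept if any registered name form accepts the value.
      if (results.some((r) => r.reason === null)) return null;
      return results.map((r) => `${r.form}: ${r.reason}`).join("; ");
    },
  },
};

// Fails closed: unknown functions and missing inputs are rejected.
function validateCall(fn, args, ctx) {
  const checks = INPUT_CHECKS[fn];
  if (!checks) return { ok: false, errors: [`${fn}: no checks registered`] };
  const errors = [];
  for (const [input, check] of Object.entries(checks)) {
    const reason = Object.prototype.hasOwnProperty.call(args, input)
      ? check(args[input], ctx) : "missing";
    if (reason !== null) errors.push(`${input}: ${reason}`);
  }
  return { ok: errors.length === 0, errors };
}
```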

Sam Hartman (hartmans)
Changed in gssweb:
milestone: none → 1.0
information type: Public → Public Security
Changed in gssweb:
assignee: nobody → Mark Donnelly (meadmaker)
status: Confirmed → Fix Committed
Margaret Cullen (mrw42)
Changed in gssweb:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
