no validation of target name in gss_init_sec_context
Bug #1444045 reported by Sam Hartman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GSS-API Web | Fix Released | Critical | Mark Donnelly | |
Bug Description
As discussed, an attacker can impersonate a user if the attacker can control the target name in gss_init_
It's important that we validate the form of this name.
This validation needs to:
* Be done in browser-independent code (preferably JavaScript, although there are ways of doing this in c++
* be done in a manner that allows us to easily add new name forms in the future
* be done in a manner that allows us to add new validations of other function inputs in the future
* be done in trusted code
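One way to meet the four requirements above, shown as an added example that is not part of the original report or of the gssweb code. Every identifier except `gss_init_sec_context` is hypothetical, and the policy is an assumption: target names are host-based (`service@host`), only the `HTTP` service is accepted, and the host must be the calling page's own host.

```javascript
// Added example, not gssweb code. All names here are hypothetical.
// Assumed policy: target names are host-based ("service@host"), only the HTTP
// service is acceptable, and the host must be the calling page's own host.

const nameForms = new Map();    // name-form id -> check(name, ctx) => error or null
const inputChecks = new Map();  // function name -> check(args, ctx) => error or null

// New name forms and new per-function checks are added by registration only.
function registerNameForm(id, check) { nameForms.set(id, check); }
function registerInputCheck(method, check) { inputChecks.set(method, check); }

// Fail closed: an unknown name form is an error, never a pass-through.
function checkName(form, name, ctx) {
  const check = nameForms.get(form);
  if (!check) return 'unsupported name form: ' + form;
  if (typeof name !== 'string' || name.length > 255) return 'bad name value';
  return check(name, ctx);
}

registerNameForm('hostbased', (name, ctx) => {
  // Exactly one "@"; anything else (extra "@", spaces, slashes) is malformed.
  const m = /^([A-Za-z0-9_-]+)@([A-Za-z0-9.-]+)$/.exec(name);
  if (!m) return 'malformed host-based name';
  if (m[1] !== 'HTTP') return 'service not allowed: ' + m[1];
  // URL.hostname is already lower-cased by the parser.
  if (m[2].toLowerCase() !== new URL(ctx.origin).hostname) {
    return 'target host does not match caller origin';
  }
  return null;
});

registerInputCheck('gss_init_sec_context', (args, ctx) =>
  checkName(args.name_form, args.target_name, ctx));

// ctx.origin must be supplied by the trusted layer (what the browser reports
// for the caller), never copied from the page's own message.
function validateRequest(msg, ctx) {
  const check = inputChecks.get(msg && msg.method);
  if (!check) return { ok: false, reason: 'no validator for method' };
  const reason = check(msg.arguments || {}, ctx);
  return { ok: reason === null, reason };
}
```

Because both lookups fail closed, a function or name form without a registered check is rejected rather than passed through to the native GSS-API call.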
Changed in gssweb:
milestone: none → 1.0
information type: Public → Public Security
Changed in gssweb:
assignee: nobody → Mark Donnelly (meadmaker)
status: Confirmed → Fix Committed
Changed in gssweb:
status: Fix Committed → Fix Released