Comment 30 for bug 1202952
Revision history for this message
| Dolph Mathews (dolph) wrote Re: PKI tokens are never revoked using memcache token backend | #30 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Final list of affected branches / drivers:
stable/grizzly + kvs token driver
stable/grizzly + memcache token driver
stable/folsom + kvs token driver
stable/folsom + memcache token driver
I originally had marked "master + memcache token driver" as "affected" because it returns a relatively bloated API response (as the other failing implementations do), however the response itself does not present a vulnerability because the "id" values are MD5-hashed as expected.
As far as I can tell, this API has never been previously documented or tested at all, hence the inconsistencies in implementation.