Comment 8 for bug 1260080
Revision history for this message
| Morgan Fainberg (mdrnstm) wrote Re: Trustee token revocations with memcache backend | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
It doesn't appear to be directly trigger-able by an attacker. The attacker would need a trust-scoped-token or acccount and issue a trust-scoped token, and the events that normally would revoke these trust-scoped-tokens based upon the trustee (password change, disable, etc) will not occur.
It's a narrow-scope, but still a security risk.