Comment 8 for bug 1260080

Revision history for this message
Morgan Fainberg (mdrnstm) wrote : Re: Trustee token revocations with memcache backend

It doesn't appear to be directly trigger-able by an attacker. The attacker would need a trust-scoped-token or acccount and issue a trust-scoped token, and the events that normally would revoke these trust-scoped-tokens based upon the trustee (password change, disable, etc) will not occur.

It's a narrow-scope, but still a security risk.