Comment 47 for bug 1490804

Liusheng (liusheng) wrote : Re: PKI Token Revocation Bypass

Hi Tristan Cacqueray, I have talked with my colleagues; they have applied the patch provided by Adam Young, and this bug has been fixed. But they have found another issue after using this patch: after we issue a valid PKI token and then modify the token by appending some characters to the end of it, the modified token can also be authenticated successfully. So it seems this fix will cause another security issue. Could you please make this bug public a few days later? This is also because we have online productions that are using Havana/Juno OpenStack, where this issue still exists; we need a few days to release a patch before this bug is made public, and it will be a risk if we make this bug public now. With great thanks to you! And could Adam Young please check this new issue? Many thanks for your patch!