Comment 65 for bug 1490804
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: PKI Token Revocation Bypass | #65 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Brant, the only scenario I considered is when a malicious user is able to keep access after an operator revoked his token or took away his roles. iiuc the exploit you described requires valid token, what can the user do with tokens he invalidated himself ?