Comment 11 for bug 1347961

Brant Knudson (blk-u) wrote : Re: Revocation events are broken with mysql

The impact statement isn't correct since it says that tokens won't expire using MySQL, but they will. It's just that revocations don't work with revocation events at all. Here's my attempt:

Brant Knudson from IBM reported a vulnerability in Keystone revocation events. The Keystone revocation events code expects the database to store expiration timestamps with subsecond accuracy, which MySQL does not do. This causes tokens that are manually revoked to remain valid. Only Keystone setups configured to use revocation events and the SQL token driver with MySQL are affected.
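The precision mismatch described in this comment, as an added, constructed model (not Keystone's code and not the fix that was merged for this bug): a revocation event records an "issued before" bound, the store drops microseconds the way a MySQL DATETIME column does, and a token issued mid-second slips past the truncated bound. The second check compares at the precision the store actually keeps. The `RevocationStore` class, the `is_revoked_*` functions and the timestamps are all hypothetical.

```python
"""Model of a revocation-event check against a store that discards subsecond
precision.  Constructed example; not Keystone's revocation code."""
from datetime import datetime, timedelta


def truncate_to_seconds(ts):
    """Emulate writing a datetime to a MySQL DATETIME column: microseconds are dropped."""
    return ts.replace(microsecond=0)


class RevocationStore:
    """Hypothetical event store.  `truncate` models the column precision (None = exact)."""

    def __init__(self, truncate=None):
        self.truncate = truncate
        self.events = []  # list of (user_id, issued_before)

    def revoke_user_tokens(self, user_id, now):
        # A revocation event means: every token for user_id issued at or before
        # `now` is invalid.  The bound is stored at whatever precision the DB keeps.
        issued_before = self.truncate(now) if self.truncate else now
        self.events.append((user_id, issued_before))


def is_revoked_naive(store, user_id, token_issued_at):
    """Compare the token's full-precision issue time against the stored bound."""
    return any(uid == user_id and token_issued_at <= before
               for uid, before in store.events)


def is_revoked_second_granularity(store, user_id, token_issued_at):
    """Compare at second granularity, matching what the store can represent.

    A token issued in the same second as the revocation is treated as revoked;
    the check fails closed rather than letting the token survive."""
    issued = truncate_to_seconds(token_issued_at)
    return any(uid == user_id and issued <= before
               for uid, before in store.events)


def demo():
    # Constructed timestamps: token issued at .500 s, revocation 0.2 s later.
    token_issued_at = datetime(2014, 7, 23, 12, 0, 0, 500000)
    revoked_at = token_issued_at + timedelta(microseconds=200000)
    later_token = token_issued_at + timedelta(seconds=1)  # issued after the revocation

    exact = RevocationStore(truncate=None)          # e.g. a column keeping microseconds
    exact.revoke_user_tokens("alice", revoked_at)

    mysql_like = RevocationStore(truncate=truncate_to_seconds)
    mysql_like.revoke_user_tokens("alice", revoked_at)

    return {
        # Exact store: the naive comparison works (12:00:00.5 <= 12:00:00.7).
        "exact_naive": is_revoked_naive(exact, "alice", token_issued_at),
        # Truncated store: bound becomes 12:00:00, token .5 s is "after" it -> survives.
        "truncated_naive": is_revoked_naive(mysql_like, "alice", token_issued_at),
        # Truncated store with second-granularity comparison: token is revoked.
        "truncated_fixed": is_revoked_second_granularity(mysql_like, "alice", token_issued_at),
        # A token issued a full second later is still valid under the fixed check.
        "later_token_fixed": is_revoked_second_granularity(mysql_like, "alice", later_token),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The trade-off of the second-granularity comparison is that a token issued in the same second as, but after, the revocation is also treated as revoked; that is the safe direction for a revocation check. The alternative of keeping the store exact (a column type that retains fractional seconds) avoids the over-revocation but depends on the database, which is the dependency this bug report is about.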