possible auth bypass

Bug #1571491 reported by Michael Vogt on 2016-04-18
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Snappy | | Undecided | Unassigned |
snapd (Ubuntu) | | Critical | Unassigned |
Xenial | | Critical | Unassigned |

Bug Description

The snapd authentication can be bypassed by sending invalid auth: headers and logout is not removing the local authentication data.

Regression potential: worst case is that snap authentication no longer works which is preferable to an auth bypass.

Michael Vogt (mvo) on 2016-04-18
Changed in snapd (Ubuntu Xenial):
importance: Undecided → Critical
status: New → In Progress
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package snapd - 2.0.1

---------------
snapd (2.0.1) xenial; urgency=medium

  * client,daemon,overlord: fix authentication:
    - fix incorrect authentication check (LP: #1571491)

 -- Michael Vogt <email address hidden> Mon, 18 Apr 2016 07:24:33 +0200

Changed in snapd (Ubuntu Xenial):
status: In Progress → Fix Released
Michael Vogt (mvo) on 2016-05-03
Changed in snappy:
status: New → Fix Released