[Yahoo-eng-team] [Bug 1300274] [NEW] V3 Authentication Chaining - uniqueness of auth method names

2014-03-31 Thread Abu Shohel Ahmed
Public bug reported: In V3.0 API, we can chain authentication methods. An attacker can place the same authentication method multiple times in the methods field. This will result in the same authentication method checking over and over (for loop in code). Using this, an attacker can achieve some

[Yahoo-eng-team] [Bug 1299039] [NEW] Token Scoping

2014-03-28 Thread Abu Shohel Ahmed
Public bug reported: In Havana Stable release for both V2.0 and V3, a scoped token can be used to get another scoped or un-scoped token. This can be exploited by anyone who has gained access to a scoped token. For example, 1. userA is related to two projects: Project1, Project2 2. userA create

[Yahoo-eng-team] [Bug 1288693] [NEW] PKI token is possible to validate via GET call

2014-03-06 Thread Abu Shohel Ahmed
Public bug reported: PKI token should be validated only using Cert and Revocation list. There is no need for any user to fetch/validate the PKI token by making a GET call. Currently, PKI token, similar to UUID token, can be validated/fetched by making a GET call v2.0/tokens/{tokenId} Here toke