Actions
Bug #20512
closedUse a proper CSPRNG to generate API tokens
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
Description
We currently use scala.util.Random
(which is actually based on java.util.Random
) but it is not suitable for such use cases, we should really use a CSPRNG here, like java.security.SecureRandom
.
Updated by Alexis Mousset almost 3 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset almost 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/4084
Updated by Alexis Mousset almost 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|5ded698769bba2dfddca21a384f5aba4ace1b8c7.
Updated by Alexis Mousset almost 3 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ over 2 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.19, 6.2.13, 7.0.2 and 7.1.0~rc1 which were released today.
Actions