Actions
Architecture #23291
closedUse constant time comparison for system token
Fix check:
To do
Regression:
No
Description
Not a problem as in case of failure an LDAP request is made, and very likely prevents time attacks as it is a lot slower.
But still a best practice and prevents future problems in refactoring.
Updated by Alexis Mousset over 1 year ago
- Status changed from New to In progress
Updated by Alexis Mousset over 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/4983
Updated by Alexis Mousset over 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|5435bd3b4c64ab840dc6714770a7c6b4d793c7e4.
Updated by Vincent MEMBRÉ over 1 year ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.0.0~beta1 which was released today.
Actions