Architecture #23291
closed
Use constant time comparison for system token
Added by Alexis Mousset 11 months ago.
Updated 10 months ago.
Description
Not a problem as in case of failure an LDAP request is made, and very likely prevents time attacks as it is a lot slower.
But still a best practice and prevents future problems in refactoring.
- Status changed from New to In progress
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/4983
- Status changed from Pending technical review to Pending release
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.0.0~beta1 which was released today.
Also available in: Atom
PDF
Updated by 
Updated by