Bug #14866
Updated by Alexis Mousset almost 5 years ago
There If there is no consistency check between the node id and the userId in the certificate's subject name when receiving an inventory, so it is possible to provide a certificate with a different node id and get the inventory accepted. It may also be possible to provide a different certificate in a new inventory after taking control of an existing node (but signed with the previous one), which would be easier to exploit. Then it is possible to download the targeted Windows node's policies as apache has no way to know the node associated with a certificate except from the content of the certificate itself. It is not possible with Unix agents as the link between a uuid and a public key is based on ldap content directly.