Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1843

Client UUIDs should be cryptographically random

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: In Review
    • Critical
    • Resolution: Unresolved
    • 1.3.0
    • None
    • security
    • None

    Description

      Currently we use boost::uuid's default random generator, which is not cryptographically random. This may increase the ease with which an attacker could guess another client's client ID, which would potentially allow them to perform DoS or try to steal the results of RPCs from the result cache.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. KUDU-1918 Prevent hijacking of scanners by other users

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              tlipcon Todd Lipcon
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: