Kudu / KUDU-1918

Prevent hijacking of scanners by other users


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.3.0
    • n/a
    • security, tserver
    • None

    Description

      Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't necessarily use a secure random source. If these turn out to be predictable, some attack around scanner hijacking might be possible. We should use an unpredictable source for scanner IDs, or save the original authenticated user in the Scanner and ensure that the authentication does not switch mid-scan.


            People

              tlipcon Todd Lipcon
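Both mitigations named in the description, combined in one sketch as an added example (not Kudu's code and not written by the issue's author): scanner IDs are drawn from the kernel CSPRNG, and the authenticated user is recorded when the scan is created and re-checked on every follow-up request. `ScannerRegistry`, `Lookup` and the user names are hypothetical, and a POSIX `/dev/urandom` is assumed.

```cpp
#include <fstream>
#include <iostream>
#include <stdexcept>
#include <string>
#include <unordered_map>

// Hypothetical types for illustration; not Kudu's scanner manager.
enum class Lookup { kOk, kNotFound, kWrongUser };

class ScannerRegistry {
 public:
  // Creates a scanner owned by the already-authenticated user; returns its ID.
  std::string NewScanner(const std::string& user) {
    std::string id = RandomId();
    owners_[id] = user;
    return id;
  }

  // Run on every follow-up request, using the identity of the current
  // connection. kWrongUser is for server-side logging; the client should get
  // the same error as kNotFound so a guessed ID is never confirmed.
  Lookup Check(const std::string& id, const std::string& user) const {
    auto it = owners_.find(id);
    if (it == owners_.end()) return Lookup::kNotFound;
    return it->second == user ? Lookup::kOk : Lookup::kWrongUser;
  }

 private:
  // 128 bits from the kernel CSPRNG (assumes POSIX /dev/urandom), hex-encoded.
  static std::string RandomId() {
    unsigned char buf[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(buf), sizeof(buf)))
      throw std::runtime_error("cannot read /dev/urandom");
    static const char kHex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char b : buf) { out += kHex[b >> 4]; out += kHex[b & 0xf]; }
    return out;
  }
  std::unordered_map<std::string, std::string> owners_;
};

int main() {
  ScannerRegistry reg;
  std::string id = reg.NewScanner("alice");  // constructed user names
  std::cout << (reg.Check(id, "alice") == Lookup::kOk) << "\n";
  std::cout << (reg.Check(id, "bob") == Lookup::kWrongUser) << "\n";
}
```

The ownership check holds even if an ID leaks or is guessed, so the two measures are complementary rather than alternatives.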