Bug 761526
Summary: | Password reset link can be used more than once | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Jeff Weiss <jweiss> |
Component: | WebUI | Assignee: | Brad Buckingham <bbuckingham> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.1 | CC: | bbuckingham, bkearney, dajohnso, kseifried, omaciel |
Target Milestone: | Unspecified | Keywords: | Security, Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-22 18:11:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 771333, 786160 | ||
Bug Blocks: | 747354, 836071 |
Description
Jeff Weiss
2011-12-08 14:40:12 UTC
In fact, it would be even more secure if the link was invalidated the instant it is accessed (rather than only after the form is submitted). I think a sniffer could access the URL - if he races to fill out the form first, he would "beat" the legitimate user. But he could not access the url first - by the time he sniffs it, the legit user already beat him to it. I guess you'd have to create a cookie or something for the first access. I was able to reproduce it under katello-0.1.130-1.git.0.216c0d8.el6.x86_64 git commit : 3461becab18a3cc79054d4e9d7f1f07d41170089 Updated logic to reset the token as part of updating the password. As a result, the token may only be used for updating the password 1 time. Blocked mass ON_QA move Verified, katello-0.1.229-1.git.0.f2ad9e2.el6.noarch Can this bug now be closed? katello-0.1.307-1.el6.src.rpm getting rid of 6.0.0 version since that doesn't exist |