
awakening team mailing list archive

[Bug 244592] [NEW] Need to verify message sources

 

*** This bug is a security vulnerability ***

Private security bug reported:

The hub is required to verify if the ADC commands' originating SID field is
the same as the user's own SID. So users shouldn't be able to talk in
someone else's name.

For example, I can send BMSG ABCD test even if my SID is not ABCD

** Affects: ehub
     Importance: High
         Status: New

** Changed in: ehub
   Importance: Undecided => High

-- 
Need to verify message sources
https://bugs.launchpad.net/bugs/244592
You received this bug notification because you are a member of
Awakening, which is a direct subscriber.
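
The check the report asks for, sketched as an added example (not eHub's code and not part of the original report). The function name, the session SID "AAAB" and the sample lines are constructed; the header layout (source SID as the first parameter of B, D, E and F messages, none on H) is taken from the ADC message-type definitions and is an assumption here, as is rejecting every other type from a client.

```python
import re

# Assumption: ADC SIDs are 4 base32 characters (A-Z, 2-7).
SID_RE = re.compile(r"^[A-Z2-7]{4}$")
SID_BEARING = {"B", "D", "E", "F"}  # first parameter is the sender's SID
HUB_DIRECTED = {"H"}                # client-to-hub, carries no SID


def check_source(line, session_sid):
    """Return (allowed, reason) for a line received on the connection
    that the hub itself assigned `session_sid` to (hypothetical helper)."""
    # ADC escapes spaces inside parameters as "\s", so a plain split is safe.
    fields = line.rstrip("\n").split(" ")
    head = fields[0]
    if len(head) != 4:
        return False, "malformed header"
    mtype = head[0]
    if mtype in HUB_DIRECTED:
        return True, "hub-directed, no SID to check"
    if mtype not in SID_BEARING:
        return False, "type %s not accepted from clients" % mtype
    if len(fields) < 2 or not SID_RE.match(fields[1]):
        return False, "missing or malformed source SID"
    # The core of the bug: compare against the SID bound to the socket,
    # never trust the value the client wrote into the message.
    if fields[1] != session_sid:
        return False, "source SID %s is not session SID %s" % (fields[1], session_sid)
    if mtype in ("D", "E") and (len(fields) < 3 or not SID_RE.match(fields[2])):
        return False, "missing or malformed target SID"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample traffic from the connection that owns SID AAAB.
    samples = [
        "BMSG AAAB hello",       # own SID
        "BMSG ABCD test",        # the case from the report
        "DMSG AAAB ABCD hi",     # direct message, own SID as source
        "DMSG ABCD AAAB hi",     # source and target swapped
        "HSUP ADBASE",           # hub-directed, nothing to compare
    ]
    for s in samples:
        print(s, "->", check_source(s, "AAAB"))
```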
