summaryrefslogtreecommitdiffstats
path: root/Read-Manifest-Now
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2011-07-12 08:08:24 +0200
committerKarolin Seeger <kseeger@samba.org>2011-07-24 20:46:46 +0200
commit3973cfa50024983618a44ffdb9f756b642b85be7 (patch)
tree9e9dccbb21a40cc573643b9231ebcb4d2bf4f61b /Read-Manifest-Now
parent11e281228f334bf3d384df5655136f0b4b4068aa (diff)
downloadsamba-3973cfa50024983618a44ffdb9f756b642b85be7.tar.gz
samba-3973cfa50024983618a44ffdb9f756b642b85be7.tar.xz
samba-3973cfa50024983618a44ffdb9f756b642b85be7.zip
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
Diffstat (limited to 'Read-Manifest-Now')
0 files changed, 0 insertions, 0 deletions