You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the example of server-with-encryption, it is possible to acces Address Space without encryption and authentication.
I create an issue instead of sending mail following instructions from How to report a security issue? #902
To Reproduce
To gain an access to Address Space, we have to send hello message, create a secure channel with security none and create a session (activate the session is not required). After we can try to read and write nodes with regular Read and Write Request.
Expected behavior
The expected behaviour would be to require authentication in the application layer (ie session) to provide access to Address Space.
Bug
With the example of server-with-encryption, it is possible to acces Address Space without encryption and authentication.
I create an issue instead of sending mail following instructions from How to report a security issue? #902
To Reproduce
To gain an access to Address Space, we have to send hello message, create a secure channel with security none and create a session (activate the session is not required). After we can try to read and write nodes with regular Read and Write Request.
Expected behavior
The expected behaviour would be to require authentication in the application layer (ie session) to provide access to Address Space.
Version
Python-Version:Python 3.8.10
opcua-asyncio Version (e.g. master branch, 0.9):
branch master, commit 54e54fa (last commit 29/08/2022)
The text was updated successfully, but these errors were encountered: