Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Illegal access to Address Space #1014

Closed
artfire52 opened this issue Aug 29, 2022 · 1 comment
Closed

Illegal access to Address Space #1014

artfire52 opened this issue Aug 29, 2022 · 1 comment

Comments

@artfire52
Copy link

artfire52 commented Aug 29, 2022

Bug

With the example of server-with-encryption, it is possible to acces Address Space without encryption and authentication.
I create an issue instead of sending mail following instructions from How to report a security issue? #902

To Reproduce

To gain an access to Address Space, we have to send hello message, create a secure channel with security none and create a session (activate the session is not required). After we can try to read and write nodes with regular Read and Write Request.

Expected behavior

The expected behaviour would be to require authentication in the application layer (ie session) to provide access to Address Space.

Version

Python-Version:Python 3.8.10

opcua-asyncio Version (e.g. master branch, 0.9):
branch master, commit 54e54fa (last commit 29/08/2022)

@schroeder-
Copy link
Contributor

Fixed via #1015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants