[dev.icinga.com #11482] API User gets wrongly authenticated (client_cn and no password) #4076

Closed
icinga-migration opened this issue Mar 31, 2016 · 4 comments

@icinga-migration icinga-migration commented Mar 31, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11482

Created by dboerm on 2016-03-31 06:39:09 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2016-04-04 14:40:09 +00:00)
Target Version: 2.4.5
Last Update: 2016-04-20 08:16:05 +00:00 (in Redmine)

Icinga Version: 2.4.4-1~ppa1~trusty1
Backport?: Already backported
Include in Changelog: 1

Hi,

I have the following in my config:

```
object ApiUser "test" {
  client_cn = "foobar_api_test"
  permissions = [ "actions/process-check-result" ]
}
```

and with the following command

```
curl -k -s -H 'Accept: application/json' -X POST 'https://127.0.0.1:5665/v1/actions/process-check-result?host=api_test' -d '{"exit_status": 0, "plugin_output": "OK"}' -u test:
```

the output is:

```
{"results":[{"code":200.0,"status":"Successfully processed check result for object 'api_test'."}]}
```

If I provide a certificate that is NOT signed by the Icinga CA, then I correctly get an "Unauthorized" message. If I then do the same request (invalid certificate) but with

```
-u test:
```

it works again.

Changesets

2016-04-04 14:38:47 +00:00 by mfriedrich d2f5008

API: Ensure that empty passwords w/ client_cn are properly checked

fixes #11482

2016-04-20 08:09:33 +00:00 by mfriedrich 5910f2e

API: Ensure that empty passwords w/ client_cn are properly checked

fixes #11482
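
The behaviour reported above, modelled as an added example that is not part of the original issue and not Icinga 2's source code. It assumes an unset `password` is stored as an empty string and that the password check was a plain equality test; `authenticate_flawed`, `authenticate_checked`, `certificate_only_users` and `verified_cn` are hypothetical names.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class ApiUser:
    name: str
    password: str = ""               # assumption: unset in the config means empty
    client_cn: Optional[str] = None

# Mirrors the ApiUser object from the report: client_cn only, no password.
USERS = {"test": ApiUser("test", client_cn="foobar_api_test")}

def _by_cert(users, verified_cn):
    # verified_cn is the CN of a certificate that chained to the trusted CA,
    # or None when no certificate was sent or it was not signed by that CA.
    if verified_cn is None:
        return None
    return next((u for u in users.values() if u.client_cn == verified_cn), None)

def authenticate_flawed(users, verified_cn, basic_auth):
    """Model of the reported behaviour: '' == '' lets `-u test:` through."""
    user = _by_cert(users, verified_cn)
    if user is None and basic_auth is not None:
        name, supplied = basic_auth
        candidate = users.get(name)
        if candidate is not None and candidate.password == supplied:
            user = candidate
    return user

def authenticate_checked(users, verified_cn, basic_auth):
    """Password login only for users that actually have a password set."""
    user = _by_cert(users, verified_cn)
    if user is None and basic_auth is not None:
        name, supplied = basic_auth
        candidate = users.get(name)
        if (candidate is not None and candidate.password and supplied
                and hmac.compare_digest(candidate.password.encode(), supplied.encode())):
            user = candidate
    return user

def certificate_only_users(users):
    """ApiUser names that rely on client_cn alone, i.e. the exposed ones."""
    return sorted(u.name for u in users.values() if u.client_cn and not u.password)
```

`certificate_only_users` lists the objects to review on installations older than the 2.4.5 target version named in this issue.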

@icinga-migration icinga-migration commented Mar 31, 2016

Updated by mfriedrich on 2016-03-31 09:47:33 +00:00

  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Priority changed from Normal to High
  • Target Version set to 2.4.5

@icinga-migration icinga-migration commented Apr 4, 2016

Updated by mfriedrich on 2016-04-04 14:38:41 +00:00

  • Priority changed from High to Urgent

Might be worth a CVE, though Mitre changed their handling of CVE numbers recently which renders this nearly impossible.
https://cve.mitre.org/cve/data_sources_product_coverage.html

I'm raising the issue priority once more, fix is already on my test stage.

@icinga-migration icinga-migration commented Apr 4, 2016

Updated by mfriedrich on 2016-04-04 14:40:09 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset d2f5008.

@icinga-migration icinga-migration commented Apr 20, 2016

Updated by gbeutner on 2016-04-20 08:16:05 +00:00

  • Backport? changed from Not yet backported to Already backported