Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
[dev.icinga.com #11482] API User gets wrongly authenticated (client_cn and no password) #4076
This issue has been migrated from Redmine: https://dev.icinga.com/issues/11482
Created by dboerm on 2016-03-31 06:39:09 +00:00
i have the following in my config
and with the following command
the output is:
if i provide a certificate that is NOT signed by the icinga CA, then i get correctly an "Unauthorized" Message. if i then do the same request (invalid certificat) but with
it works again.
2016-04-04 14:38:47 +00:00 by mfriedrich d2f5008
2016-04-20 08:09:33 +00:00 by mfriedrich 5910f2e
Updated by mfriedrich on 2016-04-04 14:38:41 +00:00
Might be worth a CVE, though Mitre changed their handling of CVE numbers recently which renders this nearly impossible.
I'm raising the issue priority once more, fix is already on my test stage.