Bug 4603 - low ports to authenticate privileged VSM operations is not very secure
Summary: low ports to authenticate privileged VSM operations is not very secure
Status: CLOSED DUPLICATE of bug 217
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.9.0
Assignee: Peter Åstrand
URL:
Keywords:
Depends on:
Blocks: 4604
  Show dependency treegraph
 
Reported: 2013-04-17 13:27 CEST by Pierre Ossman
Modified: 2018-01-30 14:44 CET (History)
0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2013-04-17 13:27:23 CEST 
Currently we use a combination of low ports and approved IP addresses to determine which machines can do privileged operations (like creating a session). This is not the best security practice and a dedicated attacker could circumvent it if the network environment is permitting enough.

We should instead look at something that uses strong cryptography. Either a shared secret between the machines, or a public key system. A shared secret is probably better though as we will have privileged communication in several directions.
Comment 1 Pierre Ossman cendio 2018-01-30 14:44:42 CET 

*** This bug has been marked as a duplicate of bug 217 ***
Note You need to log in before you can comment on or make changes to this bug.