Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-94

sdc-wfd-fe allows to impersonate any user by setting USER_ID

CloneClone+Clone++
    XMLWordPrintable

Details

    Description

      sdc-wfd-fe allows to impersonate any user by setting USER_ID in request
      header any without any authentication

       

      Sample attack:

      curl -H ’USER_ID: abcd’ -X GET http://<IP ADDR>:30256/wf/workflows

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. SDC-2557 workflow-designer-be throws exception when it starts

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. SDC-2544 Remove the USER_ID field from SDC requests

          • Medium - Failure of non-critical aspects of the system but results in an inconvenient situation. It causes some undesirable behavior, but the system is still functional. There is a reasonably satisfactory workaround. It is still a valid defect that should be corrected May be fixed after the release or in the next release.
          • Open
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              xuegao Xue Gao
              l.wrochna Łukasz Wrochna
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: