Open keyctl opened 4 years ago
If we find one already we can just sell it as a "backdoor". :) It's not a bug, it's a feature
@keyctl @RequestForCoffee @Miro-H
We should definitely look at our todos:
CertServer/Startup.cs: // XXX: Implement better solution for DB password
CertServer/Startup.cs: // XXX: Only run https server
CertServer/DataModifiers/CADBModifier.cs: // XXX: Test if CRL signature is correct
CertServer/DataModifiers/CADBModifier.cs: //XXX: add crlreason to pubCert DB
CertServer/Controllers/CRLController.cs: // XXX: Return type?
CoreCA.Client/CoreCAClient.cs: // TODO: consider centralizing the endpoint URLs (currently hardcoded per-method)
CoreCA.DataModel/CipherSuite.cs: // TODO: consider replacing string Alg/HashAlg fields with enums
Vagrantfile: # TODO: Adapt to put masters in DMZ and route their
vagrant_share/ansible/roles/mariadb/tasks/harden.yml:# XXX: Make reexecutable, check if not already hardnend, otherwise error:
vagrant_share/ansible/roles/mariadb/tasks/harden.yml:# TODO: Make sure, password isn't logged in some history
vagrant_share/ansible/roles/lynis/tasks/main.yml:# TODO Install the package directly from CISOFY.
vagrant_share/ansible/roles/init_db/tasks/legacy_db.yml:# XXX: maybe shred first
vagrant_share/ansible/roles/init_db/tasks/create_users.yml:# XXX: Refactor to work for X users
vagrant_share/ansible/roles/hardening/templates/etc/ssh/sshd_config.j2:# TODO Add ListenAddress option.
WebServer/Models/Cert/RequestNewCertDetails.cs: // TODO: re-think arbitrary min-length
WebServer/Controllers/CertController.cs: // TODO: Enable XSRF protection for HttpPost endpoints if not present by default
WebServer/Controllers/CertController.cs: // TODO: Rate limit
WebServer/Controllers/CertController.cs: // TODO: consider validating credentials here before making the request
WebServer/Controllers/AccountController.cs: // TODO: reevaluate arbitrary expiration
WebServer/Controllers/AccountController.cs: // TODO: assess potential open redirect vulnerability
WebServer/Controllers/AccountController.cs: // TODO Revoke all certificates not matching the new information.
WebServer/Authentication/CertificateAuthenticationDBValidator.cs: // TODO: properly check the certificate identity against config/Core CA server/etc.
WebServer/Authentication/CertificateAuthenticationDBValidator.cs: // TODO: consider edge cases/alternatives (e.g. explicitly using a different field, fallback mechanism, etc)
We should definitely look at our todos:
Every TODO we don't manage to implement has to be removed tomorrow.
@keyctl @RequestForCoffee @Miro-H
We should definitely look at our todos:
...
Most of the ones in the cert server are obsolete. I will clean that up tonight.
I'd also implement a trivial version of: The user cannot change their personal information to the personal information of another user. Maybe just check if the email address is already present in the DB.
Done in #72
I created the https://github.com/Liblor/applied_sec_lab/tree/cleanup-todos branch and removed all TODOs of the cert server. Maybe you can remove the other ones as well and then we merge it into the master?
There must be an unintentional vulnerability somewhere. We should try to break our own system before hand-in.