The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation.
Due to security controls, a catch-22 causes IL to reject a nuke from central #60
In the case that Central wants to send out a nuke and rewrite local CTC entries, to do so, previous code was expecting that CTC::CSP_ALL contains 'central'. However, for reasons unknown, local TCAdmin chooses to remove/edit the CTC circle - and either remove central or recreate (but with different uuid).
We need to remove a check from the code that
- if a trustcircles update is received from central
- and the central certificate is valid and it is central (CN/DN match)
- then also check that the central "id" exists in the CTC::CSP_ALL trust circle.
The 3rd check was done in front, essentially rejecting an attempt to fix the wrong central trustcircle.
tl;dr - catch-22.
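The check ordering described in this issue, modelled as an added Python example; it is not the project's code. The names (`Update`, `accept_old`, `accept_new`, `is_central`) and the CN and uuid values are constructed for illustration, and certificate validation is assumed to have been done upstream.

```python
from dataclasses import dataclass

CENTRAL_CN = "central.example.invalid"  # constructed placeholder CN
CENTRAL_ID = "11111111-aaaa-4aaa-8aaa-111111111111"  # constructed uuid

@dataclass
class Update:
    sender_id: str    # id carried in the trustcircle update
    cert_valid: bool  # outcome of certificate validation, assumed done upstream
    cert_cn: str      # CN/DN taken from the validated certificate

def is_central(u: Update) -> bool:
    """Checks 1 and 2 from the issue: valid certificate and CN/DN match."""
    return u.cert_valid and u.cert_cn == CENTRAL_CN

def accept_old(u: Update, csp_all: set) -> bool:
    """Previous order: the CTC::CSP_ALL membership check runs in front."""
    if u.sender_id not in csp_all:
        return False  # rejects the very update that would repair csp_all
    return is_central(u)

def accept_new(u: Update, csp_all: set) -> bool:
    """Membership check removed: csp_all is no longer consulted."""
    return is_central(u)

def scenarios() -> dict:
    """Run a central nuke and a non-central sender against three local circles."""
    nuke = Update(CENTRAL_ID, True, CENTRAL_CN)
    spoof = Update(CENTRAL_ID, True, "csp-x.example.invalid")  # claims central id
    circles = {
        "intact": {CENTRAL_ID, "csp-a"},
        "central_removed": {"csp-a"},
        "central_recreated": {"22222222-bbbb-4bbb-8bbb-222222222222", "csp-a"},
    }
    out = {}
    for name, circle in circles.items():
        out[name] = {
            "old_nuke": accept_old(nuke, circle),
            "new_nuke": accept_new(nuke, circle),
            "new_spoof": accept_new(spoof, circle),
        }
    return out

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

With the membership check gone, certificate validation and the CN/DN match are the only gate on this path, so a sender that merely claims the central id is still rejected in all three scenarios.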