0010088: Handling of private key in CertificateUpdateRequestedAuditEventType

ID	Project	Category	View Status	Date Submitted	Last Update

0010088	10000-012: Discovery	Spec	public	2025-01-07 08:24	2025-03-25 16:31

Reporter	Matthias Damm	Assigned To	Randy Armstrong
Priority	normal	Severity	major	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	1.05.04
Target Version	1.05.05 RC1	Fixed in Version	1.05.05 RC2

Summary	0010088: Handling of private key in CertificateUpdateRequestedAuditEventType
Description	The CertificateUpdateRequestedAuditEventType and potentially also CertificateUpdatedAuditEventType may contain a private key if the UpdateCertificate call contained a private key in the InputArguments. We should require that the private key is excluded from the data filled into the InputArguments event field of the audit event fired for UpdateCertificate.
Tags	No tags attached.

Commit Version	1.05.05
Fix Due Date	2025-02-15

Date Modified	Username	Field	Change
2025-01-07 08:24	Matthias Damm	New Issue
2025-01-14 16:51	Jim Luth	Assigned To	=> Randy Armstrong
2025-01-14 16:51	Jim Luth	Status	new => assigned
2025-01-14 16:52	Jim Luth	Commit Version	=> 1.05.05
2025-01-14 16:52	Jim Luth	Fix Due Date	=> 2025-02-15
2025-02-18 10:29	Matthias Damm	Relationship added	related to 0010157
2025-03-25 16:26	Randy Armstrong	Status	assigned => resolved
2025-03-25 16:26	Randy Armstrong	Resolution	open => fixed
2025-03-25 16:26	Randy Armstrong	Note Added: 0022566
2025-03-25 16:31	Jim Luth	Status	resolved => closed
2025-03-25 16:31	Jim Luth	Fixed in Version	=> 1.05.05 RC2
2025-03-25 16:31	Jim Luth	Note Added: 0022567

Randy Armstrong 2025-03-25 16:26 administrator ~0022566	If a PrivateKey was one of the InputArguments then that argument is set to NULL before generating this Event.

Jim Luth 2025-03-25 16:31 administrator ~0022567	Agreed to change in web meeting.