View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010643 | 10000-004: Services | Spec | public | 2025-11-30 23:37 | 2025-12-01 00:41 |
| Reporter | Randy Armstrong | Assigned To | Randy Armstrong | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 1.05.07 RC1 | ||||
| Target Version | 1.05.07 RC1 | Fixed in Version | 1.05.07 RC1 | ||
| Summary | 0010643: ClientSignature, ServerSignature and UserTokenSignatures are vulnerable to hijacking | ||||
| Description | The current signature algorithm uses data provided by an untrusted party to generate signatures. Need to define a signature algorithm that ties the signatures to data supplied by both sides and, when possible, the secure channel active when the signature is created. | ||||
| Tags | No tags attached. | ||||
| Commit Version | 1.05.07 RC1 | ||||
| Fix Due Date | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-11-30 23:37 | Randy Armstrong | New Issue | |
| 2025-11-30 23:37 | Randy Armstrong | Status | new => assigned |
| 2025-11-30 23:37 | Randy Armstrong | Assigned To | => Randy Armstrong |
| 2025-12-01 00:41 | Randy Armstrong | Status | assigned => resolved |
| 2025-12-01 00:41 | Randy Armstrong | Resolution | open => fixed |
| 2025-12-01 00:41 | Randy Armstrong | Fixed in Version | => 1.05.07 RC1 |
| 2025-12-01 00:41 | Randy Armstrong | Commit Version | => 1.05.07 RC1 |
| 2025-12-01 00:41 | Randy Armstrong | Note Added: 0023609 |
