View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009876 | 10000-004: Services | Spec | public | 2024-10-09 16:04 | 2025-05-06 16:16 |
| Reporter | Randy Armstrong | Assigned To | Jim Luth | | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | | |
| Product Version | 1.05.04 RC1 | | | | |
| Target Version | 1.05.04 | Fixed in Version | 1.05.04 | | |
| Summary | 0009876: Compromise Text on Client Certificate does not actually fix CVE | | | | |
| Description | The text: Implies that when using TLS/HTTPS there is no need to check the client certificate against the TLS client certificate if that Certificate is not accessible to the Server which means the vulnerability still exists. Wording should be: | | | | |
| Tags | No tags attached. | | | | |
| Commit Version | | | | | |
| Fix Due Date | | | | | |

Changed text to: "If the SecurityMode is not None, the Server shall verify that this Application Instance Certificate is the same as the one it used to create the SecureChannel."

Agreed fix is in 1.05.04

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-10-09 16:04 | Randy Armstrong | New Issue | |
| 2024-10-10 17:44 | Jim Luth | Assigned To | => Jim Luth |
| 2024-10-10 17:44 | Jim Luth | Status | new => assigned |
| 2024-10-10 17:44 | Jim Luth | Product Version | 1.05.05 RC1 => 1.05.04 RC1 |
| 2024-10-10 17:44 | Jim Luth | Target Version | 1.05.05 RC1 => 1.05.04 |
| 2024-10-10 17:45 | Jim Luth | Note Added: 0021876 | |
| 2024-10-10 17:46 | Jim Luth | Status | assigned => resolved |
| 2024-10-10 17:46 | Jim Luth | Resolution | open => fixed |
| 2024-10-10 17:46 | Jim Luth | Fixed in Version | => 1.05.04 |
| 2025-05-06 16:16 | Jim Luth | Status | resolved => closed |
| 2025-05-06 16:16 | Jim Luth | Note Added: 0022708 | |