[dev.icinga.com #11482] API User gets wrongly authenticated (client_cn and no password) #4076

Closed
icinga-migration opened this issue Mar 31, 2016 · 4 comments

@icinga-migration

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11482

Created by dboerm on 2016-03-31 06:39:09 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2016-04-04 14:40:09 +00:00)
Target Version: 2.4.5
Last Update: 2016-04-20 08:16:05 +00:00 (in Redmine)

Icinga Version: 2.4.4-1~ppa1~trusty1
Backport?: Already backported
Include in Changelog: 1

Hi,

I have the following in my config

object ApiUser "test" {
  client_cn = "foobar_api_test"
  permissions = [ "actions/process-check-result" ]
}

and with the following command

curl -k -s -H 'Accept: application/json' -X POST 'https://127.0.0.1:5665/v1/actions/process-check-result?host=api_test' -d '{"exit_status": 0, "plugin_output": "OK"}' -u test:

the output is:

{"results":[{"code":200.0,"status":"Successfully processed check result for object 'api_test'."}]}

If I provide a certificate that is NOT signed by the Icinga CA, then I correctly get an "Unauthorized" message. If I then do the same request (invalid certificate) but with

-u test:

it works again.

Changesets

2016-04-04 14:38:47 +00:00 by mfriedrich d2f5008

API: Ensure that empty passwords w/ client_cn are properly checked

fixes #11482

2016-04-20 08:09:33 +00:00 by mfriedrich 5910f2e

API: Ensure that empty passwords w/ client_cn are properly checked

fixes #11482
@icinga-migration

Updated by mfriedrich on 2016-03-31 09:47:33 +00:00

  • Status changed from New to Assigned
  • Assigned to set to mfriedrich
  • Priority changed from Normal to High
  • Target Version set to 2.4.5

@icinga-migration

Updated by mfriedrich on 2016-04-04 14:38:41 +00:00

  • Priority changed from High to Urgent

Might be worth a CVE, though Mitre changed their handling of CVE numbers recently which renders this nearly impossible.
https://cve.mitre.org/cve/data_sources_product_coverage.html

I'm raising the issue priority once more, fix is already on my test stage.

@icinga-migration

Updated by mfriedrich on 2016-04-04 14:40:09 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset d2f5008.

@icinga-migration

Updated by gbeutner on 2016-04-20 08:16:05 +00:00

  • Backport? changed from Not yet backported to Already backported

@icinga-migration icinga-migration added Urgent bug Something isn't working area/api REST API labels Jan 17, 2017
@icinga-migration icinga-migration added this to the 2.4.5 milestone Jan 17, 2017
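
An added audit sketch, not part of the original issue and not Icinga code: it lists the `ApiUser` objects in a configuration that match the pattern in this report (`client_cn` set, no password or an empty one), which are the accounts to review on installations that predate the fix. The function name and every sample object other than `test` are assumptions made for the example; attributes inherited through templates or `import` are not resolved.

```python
import re

# Strings are matched first so '//' or '#' inside a quoted value is not a comment.
_TOKEN = re.compile(r'("(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def cert_only_api_users(config_text):
    """Names of ApiUser objects that set client_cn but no non-empty password."""
    clean = _TOKEN.sub(lambda m: m.group(1) or " ", config_text)  # drop comments
    # Same length as `clean`, string contents x-ed out so braces in values are inert.
    masked = _STRING.sub(lambda m: '"' + "x" * (len(m.group(0)) - 2) + '"', clean)
    found = []
    for m in re.finditer(r'\bobject\s+ApiUser\s+"', masked):
        name_end = masked.index('"', m.end())
        start = masked.index("{", name_end)
        depth, pos = 1, start + 1
        while depth and pos < len(masked):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(masked[pos], 0)
            pos += 1
        body = masked[start + 1:pos - 1]
        has_cn = re.search(r'\bclient_cn\s*=', body)
        # password = "" counts as unset; a non-empty string or a constant counts as set.
        has_pw = re.search(r'\bpassword\s*=\s*(?!"")\S', body)
        if has_cn and not has_pw:
            found.append(clean[m.end():name_end])
    return found

# Constructed sample; "test" is the object from the report, the others are invented.
SAMPLE = '''
object ApiUser "test" {
  client_cn = "foobar_api_test"
  permissions = [ "actions/process-check-result" ]
}
object ApiUser "root" {
  password = "s3cr3t#1"   # password-only user
}
object ApiUser "both" {
  client_cn = "agent01"
  password = "{not-a-brace"
  permissions = [ { permission = "objects/query/Host" } ]
}
/* object ApiUser "disabled" { client_cn = "old" } */
object ApiUser "blank" {
  client_cn = "agent02"
  password = ""
}
'''
if __name__ == "__main__":
    print(cert_only_api_users(SAMPLE))
```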