[midPoint-git] [Evolveum/midpoint] 63ff33: Fix guessable work item ID weakness (MID-5291)

mederly noreply at github.com
Thu Apr 18 10:33:43 CEST 2019


  Branch: refs/heads/master
  Home:   https://github.com/Evolveum/midpoint
  Commit: 63ff338b323a9a963b4dcc4c5b05e91baeea697e
      https://github.com/Evolveum/midpoint/commit/63ff338b323a9a963b4dcc4c5b05e91baeea697e
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2019-04-18 (Thu, 18 Apr 2019)

  Changed paths:
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/component/wf/WorkItemsPanel.java
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/PageWorkItem.java
    A gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/workflow/dto/ProtectedWorkItemId.java

  Log Message:
  -----------
  Fix guessable work item ID weakness (MID-5291)

In addition to the work item number we expect and check a SHA256 hash
of some parts of the work item. The attacker does not know them,
so he is unable to create/guess the respective URL.
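
An added sketch of the scheme the log message describes, not the code from this commit or from ProtectedWorkItemId.java: the URL parameter carries the work item ID plus a SHA-256 hash over fields the requester is assumed not to know. The class and field names, the `id:hash` layout and the sample values are all assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

public class ProtectedIdExample {
    // Hypothetical work item; the fields chosen for hashing are an assumption.
    static final class WorkItem {
        final String id, processInstanceId, createdAt;
        WorkItem(String id, String processInstanceId, String createdAt) {
            this.id = id; this.processInstanceId = processInstanceId; this.createdAt = createdAt;
        }
    }

    // SHA-256 over length-prefixed parts, so ("ab","c") and ("a","bc") hash differently.
    static String hash(WorkItem w) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (String part : new String[] {w.id, w.processInstanceId, w.createdAt}) {
                byte[] b = part.getBytes(StandardCharsets.UTF_8);
                md.update(ByteBuffer.allocate(4).putInt(b.length).array());
                md.update(b);
            }
            StringBuilder hex = new StringBuilder();
            for (byte x : md.digest()) hex.append(String.format("%02x", x));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    static String toUrlParameter(WorkItem w) { return w.id + ":" + hash(w); }

    // Returns the work item only when the id exists and the supplied hash matches; else null.
    static WorkItem resolve(String param, Map<String, WorkItem> store) {
        int sep = param == null ? -1 : param.indexOf(':');
        if (sep < 0) return null;                        // bare id without a hash is rejected
        WorkItem w = store.get(param.substring(0, sep));
        if (w == null) return null;
        byte[] given = param.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = hash(w).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, given) ? w : null; // constant-time comparison
    }

    public static void main(String[] args) {
        WorkItem w = new WorkItem("1234", "constructed-process-9f3a", "2019-04-18T10:33:43.512Z");
        Map<String, WorkItem> store = Map.of(w.id, w);   // constructed sample data
        System.out.println(resolve(toUrlParameter(w), store) == w);   // link issued by the server
        System.out.println(resolve("1234", store) == null);           // sequential id alone
        System.out.println(resolve("1234:" + hash(new WorkItem("1234", "guess", "guess")), store) == null);
    }
}
```

Because the hash is unkeyed, it protects the URL only as long as the hashed fields stay unknown to the requester, which is the condition the log message states.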



