Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: features we're not sure of
Affects Version/s: None
Component/s: Shell
Labels:
- platforms-re-triaged

Assigned Teams:

Server Security
Sprint:
Security 2019-08-12, Security 2019-08-26, Security 2019-09-09
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When wire protocol compression is enabled, the shell should avoid compressing authentication and user management commands.

This would be in effort to mitigate any risks, although very unlikely such as BEAST and CRIME attacks.

This includes, but may not be limited to:

saslStart
saslContinue
getnonce
authenticate
createUser
updateUser
copydbSaslStart
copydbgetnonce
copydb

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Hannes Magnusson (Inactive)
Participants:: [DO NOT USE] Backlog - Security Team, Hannes Magnusson
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Apr 26 2017 07:47:15 PM UTC
Updated:: Dec 06 2022 04:02:15 AM UTC
Confidence Status Last Update:: 20/Sep/19 4:53 PM