[Openstack-security] [openstack/keystone] SecurityImpact review request change Ibe4a2e57a02c261d85ba6c0d61696f134c54443e

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Apr 24 09:47:32 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/89612

Log:
commit 672165b68c1d6a5f9d4538f985b2578deedbf4be
Author: Matthieu Huin <mhu at enovance.com>
Date:   Tue Apr 22 17:14:25 2014 +0200

    More random values for oAuth1 verifier
    
    The oAuth1 verifier was generated as a random number ranging from
    1000 to 9999. This small range of numbers is vulnerable to
    brute-force attacks as described in CWE-330. The verifier is now
    a 8-character long alphanumerical string, a good compromise between
    security against guessing and ease of use.
    
    SecurityImpact
    Change-Id: Ibe4a2e57a02c261d85ba6c0d61696f134c54443e
    Closes-Bug: #1236675





More information about the Openstack-security mailing list