[Openstack-security] [openstack/keystone] SecurityImpact review request change Ibe4a2e57a02c261d85ba6c0d61696f134c54443e

gerrit2 at review.openstack.org
Thu Apr 24 14:38:09 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/89612

Log:
commit fd719997c185d016637dca0237bd8c145415c7e8
Author: Matthieu Huin <mhu at enovance.com>
Date:   Tue Apr 22 17:14:25 2014 +0200

    More random values for oAuth1 verifier
    
    The oAuth1 verifier was generated as a random number ranging from
    1000 to 9999. This small range of numbers is vulnerable to
    brute-force attacks as described in CWE-330. The verifier is now
    an 8-character long alphanumerical string, a good compromise between
    security against guessing and ease of use.
    
    SecurityImpact
    Change-Id: Ibe4a2e57a02c261d85ba6c0d61696f134c54443e
    Closes-Bug: #1236675
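
The change described in the commit message, as an added example that is not Keystone's code and not part of the original post: the 1000 to 9999 verifier beside an 8-character alphanumeric one, with the guessing margin each gives. The function names, the 62-symbol alphabet (A-Z, a-z, 0-9) and the use of Python's `secrets` module are assumptions.

```python
import math
import random
import secrets
import string

# Assumption: "alphanumerical" means A-Z, a-z and 0-9 (62 symbols).
ALPHABET = string.ascii_letters + string.digits
VERIFIER_LENGTH = 8

# Number of equally likely values in each scheme.
WEAK_SPACE = 9999 - 1000 + 1                      # integers 1000..9999
STRONG_SPACE = len(ALPHABET) ** VERIFIER_LENGTH   # 62^8 strings


def weak_verifier():
    """The 'before' behaviour from the commit message: a number in 1000..9999."""
    # Small range, and `random` is not a cryptographic generator.
    return str(random.randint(1000, 9999))


def strong_verifier(length=VERIFIER_LENGTH):
    """An alphanumeric verifier drawn from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keyspace_bits(candidates):
    """Entropy in bits of one value chosen uniformly among `candidates`."""
    return math.log2(candidates)


def success_probability(candidates, guesses):
    """Chance that `guesses` distinct tries match one uniformly chosen value."""
    return min(1.0, guesses / candidates)


if __name__ == "__main__":
    # 1000 tries is a constructed figure, used only to compare the two schemes.
    for name, space in (("weak", WEAK_SPACE), ("strong", STRONG_SPACE)):
        print(f"{name}: {space} values, {keyspace_bits(space):.1f} bits, "
              f"P(match in 1000 tries) = {success_probability(space, 1000):.2e}")
    print("sample verifier:", strong_verifier())
```

A larger keyspace only raises the cost of guessing; limiting failed verifier submissions per request token and expiring verifiers quickly bound the number of tries on the server side.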




