Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-4678

ui source IPv6 address filtering allows more source IP addresses in than desired if no subnet mask is provided

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • 4.1.2
    • None
    • None
    • None

    Description

      Richard Frovarp
      4:53 PM
      related to the grouperUi.configurationEditor.sourceIpAddresses processing with respect to IPv6. The way it is, it is likely allowing way more IPv6 IPs through than desired. That makes it a minor security issue. So, out of an abundance of caution, I'm messaging you direct since I can't find a security contact.
      4:56
      GrouperUtil.java:13555 in ipOnNetworks it is adding a /32 subnet onto IPv6 address. My subnetting sucks, but that turns it into 4 billion address. So my static of 2001:4930:106::21 ends up covering 2001:4930 in its entirety. I believe that should be a /128

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: