Comment 64 for bug 1490804
Revision history for this message
| Brant Knudson (blk-u) wrote Re: PKI Token Revocation Bypass | #64 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
The exploit doesn't require admin action. Tokens can be revoked by the user, or they can be revoked by the user changing their password. Tokens can also be made invalid by admins taking away the user's roles.