UI source IPv6 address filtering allows more source IP addresses in than desired if no subnet mask is provided


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Minor
    • 4.1.2
    • Affects Version/s: None
    • Component/s: None
    • None

      Richard Frovarp
      4:53 PM
      related to the grouperUi.configurationEditor.sourceIpAddresses processing with respect to IPv6. The way it is, it is likely allowing way more IPv6 IPs through than desired. That makes it a minor security issue. So, out of an abundance of caution, I'm messaging you directly since I can't find a security contact.
      4:56
      GrouperUtil.java:13555 in ipOnNetworks it is adding a /32 subnet onto an IPv6 address. My subnetting sucks, but that turns it into 4 billion addresses. So my static of 2001:4930:106::21 ends up covering 2001:4930 in its entirety. I believe that should be a /128.
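
An added example, not part of the original report and not Grouper's code: a Python sketch that models the default-prefix behaviour described above and audits an allowlist for bare IPv6 entries that a /32 default would widen. The function names, the comma-separated list format and the sample entries other than 2001:4930:106::21 are assumptions made for illustration.

```python
import ipaddress

LEGACY_DEFAULT_PREFIX = 32  # prefix the report says is appended to a bare address


def effective_network(entry, family_aware=True):
    """Return the network an allowlist entry matches.

    family_aware=False models the reported behaviour (bare address -> /32);
    family_aware=True uses the host prefix of the family (/32 IPv4, /128 IPv6).
    """
    entry = entry.strip()
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    addr = ipaddress.ip_address(entry)
    prefix = addr.max_prefixlen if family_aware else LEGACY_DEFAULT_PREFIX
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def is_allowed(client_ip, allowlist, family_aware=True):
    """True if client_ip falls inside any entry of the allowlist (assumed comma-separated)."""
    client = ipaddress.ip_address(client_ip)
    for entry in filter(None, (e.strip() for e in allowlist.split(","))):
        net = effective_network(entry, family_aware)
        # Never compare across address families.
        if net.version == client.version and client in net:
            return True
    return False


def audit_bare_ipv6(allowlist):
    """List bare IPv6 entries with the network and size a /32 default gives them."""
    findings = []
    for entry in filter(None, (e.strip() for e in allowlist.split(","))):
        if "/" not in entry and ipaddress.ip_address(entry).version == 6:
            widened = effective_network(entry, family_aware=False)
            findings.append((entry, str(widened), widened.num_addresses))
    return findings


# Constructed sample allowlist; only 2001:4930:106::21 comes from the report.
SAMPLE = "192.0.2.10, 2001:4930:106::21, 2001:db8:5::/64"

if __name__ == "__main__":
    for entry, net, count in audit_bare_ipv6(SAMPLE):
        print(f"{entry}: /32 default matches {net} ({count} addresses); write {entry}/128")
    print("other host in 2001:4930::/32 allowed with /32 default:",
          is_allowed("2001:4930:ffff::1", SAMPLE, family_aware=False))
```

Writing every IPv6 entry with an explicit mask (for a single host, /128) avoids depending on the default at all.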

            Assignee:
            Chris Hyzer (upenn.edu)
            Reporter:
            Chris Hyzer (upenn.edu)
            Votes:
            0
            Watchers:
            1

              Created:
              Updated:
              Resolved: