[torquedev] TORQUE authorization security vulnerability

Ken Nielson knielson at adaptivecomputing.com
Tue Aug 9 15:58:51 MDT 2011


----- Original Message -----
> From: "Chris Samuel" <samuel at unimelb.edu.au>
> To: torquedev at supercluster.org
> Sent: Tuesday, August 9, 2011 3:18:32 PM
> Subject: Re: [torquedev] TORQUE authorization security vulnerability
> On Wed, 10 Aug 2011 05:43:22 AM Ken Nielson wrote:
> 
> > there is a security vulnerability in the TORQUE authorization
> > between client and server
> 
> Any chance of details please ? Given it's likely the
> black hats probably know already I don't think Security
> Through Obscurity(tm) is going to buy us much..

I am checking with the source of this alert to make sure I can publish the algorithm. I also do not want to catch anyone by surprise and create problems in their clusters before they get a chance to look at this. 

Ken


More information about the torquedev mailing list