[torquedev] TORQUE authorization security vulnerability
Steve Traylen
steve.traylen at cern.ch
Wed Aug 10 11:17:08 MDT 2011
On Tue, Aug 9, 2011 at 9:43 PM, Ken Nielson
<knielson at adaptivecomputing.com> wrote:
> I do not know how wide spread this is but there is a security vulnerability in the TORQUE authorization between client and server when using the default authorization method. Using MUNGE closes this hole but we would like to add an additional, more universal secure authorization method.
>
CVE-2011-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2907
has now been reserved for this security vulnerability. Nothing to
actually see there
yet.
Steve.
--
Steve Traylen
More information about the torquedev
mailing list