
Token hardening.

Open jschwartzentruber opened this issue 2 years ago • 3 comments

The current API token for crash reporting during fuzzing is an unrestricted token shared by all fuzzing instances and also used for local team members during ad-hoc fuzzing. In the event of a token leak, all crash and signature data on the server can be read.

Some possibilities for improvements:

  1. Add capability for tokens to be write-only for use by fuzzing instances. (Done)
  2. Implement token expiry to force rotation.
  3. Rate limit tokens to a reasonable maximum to prevent a leaked write-only token from flooding the server.
  4. Segment tokens by tool so tokens can only report crashes for the intended tool.

jschwartzentruber commented Jun 19 '23 13:06

  5. IP restrictions for API usage. Automation tokens should be restricted to the datacentres we're using.

jschwartzentruber commented Jun 21 '23 15:06

2b. django-rest-knox supports token expiry, which could be bumped whenever last-login is updated by UI login. This also solves the problem that SSO account disable does not invalidate tokens.

jschwartzentruber commented Jun 26 '23 15:06
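The controls proposed across this thread (write-only scope, expiry, rate limiting and per-tool segmentation from the issue body, the datacentre IP allowlist from the second comment, and expiry that is bumped on UI login from the 2b comment) fit together into one authorization check. The block below is an added example written for this page; it is not FuzzManager's code and does not use django-rest-knox or Django at all, so that it runs stand-alone. The `TokenPolicy`/`Request`/`TokenStore` names, the `crash:write`/`crash:read` scope strings, the `fuzz-dc1` token, the `10.0.0.0/8` datacentre range and the clock values are all constructed for illustration. Note that the rate limiter only counts requests that passed every other check, so a rejected read or a wrong-tool submission cannot be used to exhaust the quota of a legitimate fuzzer.

```python
"""Hypothetical token policy check for a crash-reporting API (added example,
not FuzzManager's implementation). Combines: write-only scopes, expiry that a
UI login can extend, per-tool segmentation, an IP allowlist and a sliding-window
rate limit."""
from __future__ import annotations

import ipaddress
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, FrozenSet, List, Tuple

DAY = 86400.0
T0 = 1_700_000_000.0  # constructed reference clock so results are deterministic


@dataclass
class TokenPolicy:
    """Attributes a hardened API token record would carry (assumed schema)."""
    token_id: str
    scopes: FrozenSet[str]                    # fuzzers get {"crash:write"} only
    expires_at: float                         # unix time; 0.0 = never expires
    tools: FrozenSet[str] = frozenset()       # empty = may report for any tool
    allowed_networks: List[ipaddress.IPv4Network | ipaddress.IPv6Network] = field(default_factory=list)
    max_requests: int = 0                     # per window; 0 = unlimited
    window_seconds: float = 60.0
    _hits: Deque[float] = field(default_factory=deque, init=False, repr=False)


@dataclass(frozen=True)
class Request:
    token_id: str
    action: str       # "crash:write" or "crash:read"
    tool: str
    client_ip: str
    now: float        # injected clock instead of time.time()


class TokenStore:
    def __init__(self) -> None:
        self._tokens: Dict[str, TokenPolicy] = {}

    def add(self, policy: TokenPolicy) -> None:
        self._tokens[policy.token_id] = policy

    def refresh_on_login(self, token_id: str, now: float, ttl: float) -> None:
        """Bump expiry when the owning account logs in through the UI. An account
        that stops logging in (e.g. disabled in SSO) lets its tokens lapse without
        a separate revocation step."""
        self._tokens[token_id].expires_at = now + ttl

    def authorize(self, req: Request) -> Tuple[bool, str]:
        policy = self._tokens.get(req.token_id)
        if policy is None:
            return False, "unknown token"
        if policy.expires_at and req.now >= policy.expires_at:
            return False, "token expired"
        if req.action not in policy.scopes:
            return False, f"scope {req.action!r} not granted"
        if policy.tools and req.tool not in policy.tools:
            return False, f"tool {req.tool!r} not permitted for this token"
        if policy.allowed_networks:
            try:
                ip = ipaddress.ip_address(req.client_ip)
            except ValueError:
                return False, f"unparseable client address {req.client_ip!r}"
            if not any(ip in net for net in policy.allowed_networks):
                return False, f"client {req.client_ip} outside allowed networks"
        # Sliding-window rate limit; only otherwise-valid requests consume quota.
        if policy.max_requests:
            hits = policy._hits
            while hits and req.now - hits[0] >= policy.window_seconds:
                hits.popleft()
            if len(hits) >= policy.max_requests:
                return False, "rate limit exceeded"
            hits.append(req.now)
        return True, "ok"


def build_store() -> TokenStore:
    """Constructed sample: one write-only automation token for a datacentre."""
    store = TokenStore()
    store.add(TokenPolicy(
        token_id="fuzz-dc1",
        scopes=frozenset({"crash:write"}),
        expires_at=T0 + 7 * DAY,
        tools=frozenset({"libfuzzer"}),
        allowed_networks=[ipaddress.ip_network("10.0.0.0/8")],  # constructed range
        max_requests=3,
        window_seconds=60.0,
    ))
    return store


def fuzzer_request(**overrides) -> Request:
    """A well-formed crash submission from a fuzzing instance, with overrides."""
    base = dict(token_id="fuzz-dc1", action="crash:write", tool="libfuzzer",
                client_ip="10.1.2.3", now=T0)
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    store = build_store()
    for req in (fuzzer_request(), fuzzer_request(action="crash:read"),
                fuzzer_request(tool="afl"), fuzzer_request(client_ip="203.0.113.5"),
                fuzzer_request(now=T0 + 8 * DAY)):
        print(req.action, req.tool, req.client_ip, "->", store.authorize(req))
```

In a Django deployment the expiry and login-bump would be handled by the token backend's own settings rather than by this in-memory store; the point of the example is the order of checks and that each proposed control is an independent, cheap predicate on the token record.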

See https://github.com/MozillaSecurity/FuzzManager-dev/issues/22

jschwartzentruber commented Jan 10 '25 22:01