Security vulnerabilities and automated fixes for network protocol issues
A medium-severity vulnerability in `daemon/src/odl_tb5_daemon_sync_proto.c` allowed any network entity that could reach the daemon's listening port to send crafted sync protocol messages without any authentication challenge. The fix introduces HMAC-SHA256 message authentication tags stamped directly into the sync header's reserved field, ensuring that only peers with the correct pre-shared key can send messages that the daemon will accept. This closes a significant attack surface that could have