SECURITY ADVISORY: Potential Access to Sensitive Information when Clustering Shibboleth 2 IdPs
Potential Access to Sensitive Information when Clustering Shibboleth 2.X
Shibboleth 2 IdPs using the Terracotta clustering support MAY be
allowing access to sensitive information (e.g. passwords and user data).
Terracotta allows deployers to inspect runtime information via the
Java Management Extensions (JMX). This runtime information includes
the data being replicated between IdP cluster nodes, which may
contain sensitive data.
All Shibboleth 2 IdPs using Terracotta clustering
Addressing the Issue
Block the Terracotta JMX port (default: 9520).
If you are using JMX, allow only trusted machines to access
the JMX port.
Step 1 of 'Configuring IdP Clustering' in the wiki has been
updated to suggest this more strongly as well.
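One way to apply the restriction above on a Linux host exposing the JMX port, as an added example that is not part of the original advisory: the script prints iptables rules that admit only the listed trusted IPv4 sources to the port and drop everything else sent to it. The use of iptables, the INPUT chain, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules restricting the
# Terracotta JMX port. IPv4 only; a host reachable over IPv6 needs
# equivalent ip6tables rules.

JMX_PORT=9520   # default from the advisory; change if you moved the port

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
# Rejecting every other character also keeps shell metacharacters out of
# the generated commands.
valid_ipv4() {
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one ACCEPT per trusted source, then a DROP for all other sources.
# Rules are inserted at the top of INPUT in that order because iptables
# stops at the first match. With no arguments only the DROP is printed.
jmx_rules() {
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    n=1
    for src in "$@"; do
        echo "iptables -I INPUT $n -p tcp -s $src --dport $JMX_PORT -j ACCEPT"
        n=$((n + 1))
    done
    echo "iptables -I INPUT $n -p tcp --dport $JMX_PORT -j DROP"
}

# Constructed sample: one admin workstation and one monitoring subnet.
jmx_rules 192.0.2.10 198.51.100.0/28
```

Review the printed rules before running them as root, and persist them with your distribution's firewall tooling so they survive a reboot.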
Note: while Terracotta does allow you to assign a username/password that
is then required to access this port, doing so breaks support for their
command line scripts (such as the recommended distributed garbage
Russell Beall, Univ of Southern California, for bringing this to my attention