2 matches found
BIT-NIFI-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
Quantum Secure Key Exchange with Position-Based Credentials
Quantum key distribution QKD provides an information-theoretic way of securely exchanging secret keys, and typically relies on pre-shared keys or public keys for message authentication. To lift the requirement of pre-shared or public keys, Buhrman et. al. SIAM J. Comput. 43, 150 2014 proposed...