Bug in Rights Management - Read Only User gets error accessing Certificate management

Dear Sophos

I updated one of our demo devices to Beta2 and created a Let's Encrypt certificate with the built-in "admin" user.

After accessing the "Webserver Protection > Certificate Management > Certificates" menu with our read-only "demo" user, I got the following informational message:

"Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_ca.pm line 354. "

If you access the Advanced tab, the same informational message window appears with the following message:

"Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_ca.pm line 131. "

 

The tabs "Certificate Authority" and "CRL" are working fine.

It would be possible to grant access to this device, but I think this issue should be reproducible.

Yours Lukas

  • Hi Lukas,

    We are sorry, but we can't reproduce your issue locally. From reading the code we can see that some Confd call seems to fail, but we don't know why. Would you mind providing us with the confd-debug.log (via IM) covering a time when your issue was triggered? We hope to find more insights in that log.

    Regards,
    Micha

  • In reply to mle:

    You got the log via PM.

  • In reply to lna:

    Thank you, that helped us to understand what's going on, and we are now able to reproduce the issue locally.

    Apparently a user logged in with an Auditor role limited to view pages with "Web Application Protection Auditor" permission is able to load the page, but gets the error.

    We are now tracking this issue internally as NUTM-10419.