TideCloak 0.6.45
A rollout of urgent bug fixes on top of the previous release.
TideCloak fixes
Fixed removal of a tide-realm-admin
Reducing the quorum size by removing the tide-realm-admin role from a user failed to change the quorum definition, so the network still expected the old quorum (with that user in it) to authorize changes.
Now, removing the tide-realm-admin role amends the quorum threshold settings correctly.
Fixed automatic license key rotation
The automated scheduled task that renews the VRK (license key) every month wasn't set correctly. The scheduler now works as designed.
Zero-Quorum stage expansion
A Zero-Quorum stage occurs when an IGA (Quorum) has been activated on a realm but no user has been assigned the tide-realm-admin role yet. The quorum size is therefore zero, and the actual owner of the VVK (Vendor Verifiable Key) is the VRK. The stage is temporary by design and is set to operate for up to 5 days, to allow the realm administrator to set up a quorum that takes over ownership of the VVK. If the stage lapses without a quorum, the VRK ownership expires and the VVK is locked out forever. During the Zero-Quorum stage the IGA works as designed, but without cryptographic approval of each change, because there are no cryptographic admins (admins with a Tide account). This makes the IGA less secure than in its full operational mode, since a compromised VRK (which resides locally in TideCloak) can approve anything.
Originally, during that stage, an administrator could use the IGA for one thing only: setting up the first tide-realm-admin. That has changed: the administrator can now use the IGA to authorize anything until the first tide-realm-admin is set. From then on, the quorum is set and the IGA works as normal.
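Because every change made in the Zero-Quorum stage is approved by the VRK alone, those changes are the ones worth re-reviewing once a quorum exists. The following is an added illustration, not TideCloak code: it models the stage boundaries described above and lists the changes that carried no quorum approval. The `Change` record shape, the function names and the sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Default validity period of the Zero-Quorum stage, per the release notes.
ZERO_QUORUM_WINDOW = timedelta(days=5)

@dataclass
class Change:
    """Hypothetical audit record; not a TideCloak export format."""
    when: datetime
    description: str

def stage_at(t: datetime, iga_activated: datetime,
             first_admin_at: Optional[datetime] = None) -> str:
    """Classify a point in time into the stage the realm was in."""
    deadline = iga_activated + ZERO_QUORUM_WINDOW
    if t < iga_activated:
        return "pre-iga"
    # A quorum only counts if the first admin was set inside the window.
    quorum_formed = first_admin_at is not None and first_admin_at <= deadline
    if quorum_formed and t > first_admin_at:
        return "quorum"
    if t <= deadline:
        # Includes the change that sets the first tide-realm-admin itself.
        return "zero-quorum"
    return "lapsed"  # window expired without a quorum: VVK locked out

def changes_to_review(changes: List[Change], iga_activated: datetime,
                      first_admin_at: Optional[datetime] = None
                      ) -> List[Tuple[str, str]]:
    """Return (stage, description) for changes approved without a quorum,
    plus any record dated after the window lapsed (an anomaly)."""
    flagged = []
    for c in sorted(changes, key=lambda c: c.when):
        stage = stage_at(c.when, iga_activated, first_admin_at)
        if stage in ("zero-quorum", "lapsed"):
            flagged.append((stage, c.description))
    return flagged

# Constructed sample data for the example.
ACTIVATED = datetime(2025, 1, 1, 9, 0)
FIRST_ADMIN = datetime(2025, 1, 3, 14, 0)
SAMPLE = [
    Change(datetime(2025, 1, 4, 8, 0), "create client reporting-app"),
    Change(datetime(2025, 1, 2, 10, 0), "create role billing-reader"),
    Change(datetime(2025, 1, 3, 14, 0), "grant tide-realm-admin to alice"),
]

if __name__ == "__main__":
    for stage, desc in changes_to_review(SAMPLE, ACTIVATED, FIRST_ADMIN):
        print(f"{stage}: {desc}")
```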
Fixed decentralized key network issue
An issue was found where TideCloak's management of the VVK failed because not enough ORK nodes were found in time. TideCloak now accommodates network latency and failures to fix this.
CyberSec Fabric fixes
Allow more authorizations during zero-quorum stage
The Fabric was originally limited to accepting only one authorization in a Zero-Quorum stage: adding the first quorum member. It now allows any authorization within the valid period of the Zero-Quorum stage (5 days by default).
Fixed partial quorum network issue
ORKs now accommodate network latency when generating keys.