[HIGH] Proxy authentication without shared secret

## Summary

ProxyAuthenticationProvider validates based solely on source IP CIDR ranges. No shared secret or request signing validates header authenticity. Attackers within trusted network can forge identity headers.

## Location

`src/phlo/capabilities/authentication.py` lines 221-335

## Vulnerable Code

```python
def _is_trusted_proxy(self, client_ip: str) -> bool:
    for cidr in self._trusted_proxy_cidrs:
        if ipaddress.ip_address(client_ip) in ipaddress.ip_network(cidr):
            return True
```

## Recommended Fix

1. Require mTLS between proxy and service, or
2. Validate signed JWT/assertions from the proxy, or
3. Reject requests without proxy authentication signatures

---

**Severity:** P1 - High
**Category:** Security
**Audit Reference:** AUDIT.md


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[HIGH] Proxy authentication without shared secret #338

Summary

Location

Vulnerable Code

Recommended Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[HIGH] Proxy authentication without shared secret #338

Description

Summary

Location

Vulnerable Code

Recommended Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions