qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-335) SCRAM-SHA mechanism impls erroneously escape "=" and "," in the password during processing
Date Mon, 16 Oct 2017 15:17:00 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16206048#comment-16206048
] 

ASF subversion and git services commented on QPIDJMS-335:
---------------------------------------------------------

Commit 89e8f9908c476a942e23c6762541df774db963fd in qpid-jms's branch refs/heads/master from
[~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-jms.git;h=89e8f99 ]

QPIDJMS-335: ensure SCRAM mechs only escape '=' and ',' for the username and not the password


> SCRAM-SHA mechanism impls erroneously escape "=" and "," in the password during processing
> ------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-335
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-335
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>    Affects Versions: 0.26.0
>            Reporter: Robbie Gemmell
>            Assignee: Robbie Gemmell
>             Fix For: 0.27.0
>
>
> Per discussion on http://mail-archives.apache.org/mod_mbox/qpid-users/201710.mbox/%3C1507290028737-0.post%40n2.nabble.com%3E
the client is erroneously escaping "=" and "," during password handling, whereas the SCRAM
mechanisms only require this for the username and some other cases, causing authentication
to fail when they are present as the wrong value is used to compute the details sent to the
server.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message