[jboss-jira] [JBoss JIRA] (JGRP-1487) X509Token Authentication vulnerable to replay attacks

sreenivas chinimilli created JGRP-1487: ------------------------------------------ Summary: X509Token Authentication vulnerable to replay attacks Key: JGRP-1487 URL: https://issues.jboss.org/browse/JGRP-1487 Project: JGroups Issue Type: Bug Affects Versions: 3.0.9 Reporter: sreenivas chinimilli Assignee: Bela Ban In the implementation of X509Token Authentication The auth_value is enrypted with the certificate within the keystore and during verification encrypted auth value is decrypted with the private key compared against the orignial auth value. This implementation is prone to replay attacks, that is any user with out having any knowledge of the auth value can join the group by replaying the enrypted auth value captured in earlier sessions. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira