tmp/auth/ challenge files are not deleted when access is via a remote client ---------------------------------------------------------------------------- Key: AS7-5220 URL: https://issues.jboss.org/browse/AS7-5220 Project: Application Server 7 Issue Type: Bug Components: Domain Management, Security Affects Versions: 7.1.2.Final (EAP) Reporter: Tom Fonteyne Assignee: Darran Lofthouse Priority: Critical Labels: as713tracking Fix For: 7.2.0.Alpha1, 7.1.4.Final (EAP) the authentication process that creates temporary files in tmp/auth is not deleting them when a JMX client connects. At an extreme, this would be a DOS attack, as the disk could fill up.