]
Paul Ferraro updated WFLY-8848:
-------------------------------
Summary: AUTH feature - plain token does case-insensitive comparison of shared secrets
(was: AUTH feature - plain tokes does case-insensitive comparison of shared secrets)
AUTH feature - plain token does case-insensitive comparison of shared
secrets
-----------------------------------------------------------------------------
Key: WFLY-8848
URL:
https://issues.jboss.org/browse/WFLY-8848
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: No Release
Reporter: Paul Ferraro
Assignee: Paul Ferraro
The same approach is used for a digest token (MD5 or SHA algorithm), where it is not a
problem due to converting the shared secret to HEX prior doing case-insensitive compare.
It is however a problem for a plain token.