[JBoss JIRA] (MODCLUSTER-338) Advertise adds a message digest even if security key is not configured

Thursday, 23 January 2014

     [
https://issues.jboss.org/browse/MODCLUSTER-338?page=com.atlassian.jira.pl...
]

Radoslav Husar updated MODCLUSTER-338:
--------------------------------------

              Status: Pull Request Sent  (was: Reopened)
    Git Pull Request: https://github.com/modcluster/mod_cluster/pull/58,
https://github.com/modcluster/mod_cluster/pull/18  (was:
https://github.com/modcluster/mod_cluster/pull/18)

Reopening -- not good for backward compatibility of 1.2.x native to 1.3.x Java (i.e.
security key would have to be configured).

Fix via https://github.com/modcluster/mod_cluster/pull/58

...
 Advertise adds a message digest even if security key is not
configured
 ----------------------------------------------------------------------

                 Key: MODCLUSTER-338
                 URL: https://issues.jboss.org/browse/MODCLUSTER-338
             Project: mod_cluster
          Issue Type: Bug
    Affects Versions: 1.2.4.Final
            Reporter: Radoslav Husar
            Assignee: Radoslav Husar
             Fix For: 1.3.0.Alpha1

 As wireshark hints, the message digest is always included in the message even if the
advertise security key is not configured.
 This would not be such a problem if the salt actually used wouldn't be random bits
from the memory.
 This renders the digest completely useless since it can never be verified. 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009