[jboss-jira] [JBoss JIRA] Created: (JBAS-4326) Overwriting an existing passwordFile with FilePassword can corrupt the file
Thorsten Gast (JIRA)
jira-events at lists.jboss.org
Thu Apr 12 11:02:58 EDT 2007
Overwriting an existing passwordFile with FilePassword can corrupt the file
---------------------------------------------------------------------------
Key: JBAS-4326
URL: http://jira.jboss.com/jira/browse/JBAS-4326
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.3 SP1
Environment: Windows XP, JDK 5
Reporter: Thorsten Gast
Assigned To: Scott M Stark
When you create a passwordFile with org.jboss.security.plugins.FilePassword, which generates a 16-byte-long encoded password, and afterwards overwrite this file with a shorter password, the second eight bytes of the former password are still in the file.
When decode now tries to decrypt the password from the passwordFile, it reads 16 bytes instead of the correct eight bytes and throws a BadPaddingException.
Sure, the workaround to delete the file prior to generation is eligible, but wouldn't it be nicer to have it done automatically?
Even if it's only for all the newbies, who then don't have to debug into that.
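The failure mode described in the report can be reproduced in isolation. The following is an added example, not part of the original report and not JBoss code: the class name, the ciphertext-only file layout, the sample key material and the choice of PBEWithMD5AndDES (picked because its 8-byte block matches the sizes in the report) are all assumptions. It overwrites a longer ciphertext in place without truncating, shows the decode failing on the stale tail, then repeats the write with a `setLength` call.

```java
import java.io.File;
import java.io.RandomAccessFile;
import java.nio.file.Files;
import javax.crypto.*;
import javax.crypto.spec.*;

public class StaleTailDemo {
    // Constructed sample values, not taken from any real configuration.
    static final byte[] SALT = "12345678".getBytes();
    static final int COUNT = 17;
    static final char[] KEY = "storekey".toCharArray();

    static Cipher cipher(int mode) throws Exception {
        Cipher c = Cipher.getInstance("PBEWithMD5AndDES"); // assumed algorithm
        c.init(mode, SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                .generateSecret(new PBEKeySpec(KEY)), new PBEParameterSpec(SALT, COUNT));
        return c;
    }

    // Writes the encrypted password at offset 0; truncates only when asked to.
    static void store(File f, String password, boolean truncate) throws Exception {
        byte[] enc = cipher(Cipher.ENCRYPT_MODE).doFinal(password.getBytes("UTF-8"));
        try (RandomAccessFile raf = new RandomAccessFile(f, "rws")) {
            raf.write(enc);
            if (truncate) raf.setLength(raf.getFilePointer()); // drop the stale tail
        }
    }

    // Treats everything in the file as ciphertext, trusting the file length.
    static String load(File f) throws Exception {
        byte[] enc = Files.readAllBytes(f.toPath());
        return new String(cipher(Cipher.DECRYPT_MODE).doFinal(enc), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        File f = File.createTempFile("password", ".dat");
        f.deleteOnExit();
        store(f, "longer-secret", false); // 13 bytes -> 16 bytes of ciphertext
        store(f, "short", false);         // 8 new bytes, 8 stale bytes stay behind
        System.out.println("length after overwrite: " + f.length());
        try {
            load(f); // a tail that happens to unpad cleanly would yield garbage instead
            System.out.println("decode returned garbage instead of failing");
        } catch (BadPaddingException e) {
            System.out.println("decode failed: " + e);
        }
        store(f, "short", true);          // same write followed by truncation
        System.out.println("after truncating write: " + f.length() + " bytes -> " + load(f));
    }
}
```

Writing to a temporary file and renaming it over the target is an alternative to `setLength` that also avoids leaving a half-written password file if the process dies mid-write.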