[jboss-jira] [JBoss JIRA] Resolved: (SECURITY-344) Error decrypting datasource password with SecureIdentityLoginModule

Marcus Moyses (JIRA) jira-events at lists.jboss.org
Mon Jan 26 14:22:44 EST 2009 

     [ https://jira.jboss.org/jira/browse/SECURITY-344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcus Moyses resolved SECURITY-344.
------------------------------------

    Resolution: Done


Create a fix to pad with leading zeros when necessary.

> Error decrypting datasource password with SecureIdentityLoginModule
> -------------------------------------------------------------------
>
>                 Key: SECURITY-344
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-344
>             Project: JBoss Security and Identity Management
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: 2.0.2.SP3
>            Reporter: Marcus Moyses
>            Assignee: Marcus Moyses
>             Fix For: 2.0.2.SP5
>
>
> During password decryption using SecureIdentityLoginModule there could be an error due to missing leading zeros for certain passwords.
> This error might appear in the log:
> [SecureIdentityLoginModule] Failed to decode password
> javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
>        at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>        at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>        at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
>        at javax.crypto.Cipher.doFinal(DashoA12275)
>        at org.jboss.resource.security.SecureIdentityLoginModule.decode(SecureIdentityLoginModule.java:173)
>        at org.jboss.resource.security.SecureIdentityLoginModule.commit(SecureIdentityLoginModule.java:114)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:585)
>        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list