[jboss-jira] [JBoss JIRA] Commented: (SECURITY-344) Error decrypting datasource password with SecureIdentityLoginModule

Christian Schlüter (JIRA) jira-events at lists.jboss.org
Fri Feb 4 04:45:39 EST 2011 

    [ https://issues.jboss.org/browse/SECURITY-344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580100#comment-12580100 ] 

Christian Schlüter commented on SECURITY-344:
---------------------------------------------

opened a new ticket for that: SECURITY-563

> Error decrypting datasource password with SecureIdentityLoginModule
> -------------------------------------------------------------------
>
>                 Key: SECURITY-344
>                 URL: https://issues.jboss.org/browse/SECURITY-344
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: JBossSecurity_2.0.2.SP3
>            Reporter: Marcus Moyses
>            Assignee: Marcus Moyses
>             Fix For: JBossSecurity_2.0.2.SP4
>
>
> During password decryption using SecureIdentityLoginModule there could be an error due to missing leading zeros for certain passwords.
> This error might appear in the log:
> [SecureIdentityLoginModule] Failed to decode password
> javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
>        at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>        at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>        at com.sun.crypto.provider.BlowfishCipher.engineDoFinal(DashoA12275)
>        at javax.crypto.Cipher.doFinal(DashoA12275)
>        at org.jboss.resource.security.SecureIdentityLoginModule.decode(SecureIdentityLoginModule.java:173)
>        at org.jboss.resource.security.SecureIdentityLoginModule.commit(SecureIdentityLoginModule.java:114)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:585)
>        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) 

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list