[jboss-jira] [JBoss JIRA] (AS7-5278) authentication succeed if the security-realm secret value only differ by additional characters (invalid base64)
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Tue Jul 31 10:58:06 EDT 2012
[ https://issues.jboss.org/browse/AS7-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned AS7-5278:
-------------------------------------
Assignee: Darran Lofthouse
> authentication succeed if the security-realm secret value only differ by additional characters (invalid base64)
> ---------------------------------------------------------------------------------------------------------------
>
> Key: AS7-5278
> URL: https://issues.jboss.org/browse/AS7-5278
> Project: Application Server 7
> Issue Type: Bug
> Affects Versions: 7.1.2.Final (EAP)
> Reporter: Wolf-Dieter Fink
> Assignee: Darran Lofthouse
>
> A secured remoting connection can be still used if the secret contains a former valid value but append a character to an invalid base64 string.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list