You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2015/03/10 23:25:38 UTC

[jira] [Created] (WICKET-5855) RememberMe functionality seems to be broken after the change of the default crypt factory

Martin Grigorov created WICKET-5855:
---------------------------------------

             Summary: RememberMe functionality seems to be broken after the change of the default crypt factory
                 Key: WICKET-5855
                 URL: https://issues.apache.org/jira/browse/WICKET-5855
             Project: Wicket
          Issue Type: Bug
          Components: wicket-auth-roles
    Affects Versions: 6.19.0, 7.0.0-M5
            Reporter: Martin Grigorov


The fix for CVE-2014-7808 seems to break the "rememberMe" functionality in wicket-auth-roles.
DefaultAuthenticationStrategy uses the crypt factory to encrypt the user credentials. After restart of the application a new crypt factory is created with a new secret key. Now it is not possible to decrypt the saved credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)