You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2011/03/21 19:03:10 UTC

[jira] [Updated] (QPID-3158) .NET 0-8 clients fail to connect with some valid passwords

     [ https://issues.apache.org/jira/browse/QPID-3158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-3158:
-----------------------------

    Attachment: 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch

This is a patch that addresses the issue on the trunk.  It includes a unit test for the CRAM-MD5-HEX mechanism.

> .NET 0-8 clients fail to connect with some valid passwords
> ----------------------------------------------------------
>
>                 Key: QPID-3158
>                 URL: https://issues.apache.org/jira/browse/QPID-3158
>             Project: Qpid
>          Issue Type: Bug
>          Components: Dot Net Client, Java Broker
>    Affects Versions: 0.5, 0.11
>         Environment: Qpid .NET 0-8 client
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>         Attachments: 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch, 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch
>
>
> There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker that prevents some passwords from being used to connect from the Qpid 0-8 .Net client. The defect does not affect authentications using the same password from the Java client as it connects using a different SASL mechanism.
> The defect seemingly affects about 30% of all possible passwords. It shows no bias towards strong/weak passwords as the defect in the mechanism is after the cleartext has been MD5 digested.
> The client sees a 503 exception (Apache.Qpid.Client.AMQAuthenticationException: not allowed) from the new AMQConnection(QpidConnectionInfo) constructor.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org