You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/10/16 15:17:00 UTC
[jira] [Commented] (QPIDJMS-335) SCRAM-SHA mechanism impls
erroneously escape "=" and "," in the password during processing
[ https://issues.apache.org/jira/browse/QPIDJMS-335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16206048#comment-16206048 ]
ASF subversion and git services commented on QPIDJMS-335:
---------------------------------------------------------
Commit 89e8f9908c476a942e23c6762541df774db963fd in qpid-jms's branch refs/heads/master from [~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-jms.git;h=89e8f99 ]
QPIDJMS-335: ensure SCRAM mechs only escape '=' and ',' for the username and not the password
> SCRAM-SHA mechanism impls erroneously escape "=" and "," in the password during processing
> ------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-335
> URL: https://issues.apache.org/jira/browse/QPIDJMS-335
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Affects Versions: 0.26.0
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Fix For: 0.27.0
>
>
> Per discussion on http://mail-archives.apache.org/mod_mbox/qpid-users/201710.mbox/%3C1507290028737-0.post%40n2.nabble.com%3E the client is erroneously escaping "=" and "," during password handling, whereas the SCRAM mechanisms only require this for the username and some other cases, causing authentication to fail when they are present as the wrong value is used to compute the details sent to the server.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org