You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2015/03/30 21:10:55 UTC
[jira] [Resolved] (WICKET-5855) RememberMe functionality seems to
be broken after the change of the default crypt factory
[ https://issues.apache.org/jira/browse/WICKET-5855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-5855.
-------------------------------------
Resolution: Fixed
Fix Version/s: 7.0.0-M6
6.20.0
> RememberMe functionality seems to be broken after the change of the default crypt factory
> -----------------------------------------------------------------------------------------
>
> Key: WICKET-5855
> URL: https://issues.apache.org/jira/browse/WICKET-5855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 7.0.0-M5, 6.19.0
> Reporter: Martin Grigorov
> Assignee: Martin Grigorov
> Fix For: 6.20.0, 7.0.0-M6
>
>
> The fix for CVE-2014-7808 seems to break the "rememberMe" functionality in wicket-auth-roles.
> DefaultAuthenticationStrategy uses the crypt factory to encrypt the user credentials. After restart of the application a new crypt factory is created with a new secret key. Now it is not possible to decrypt the saved credentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)