You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@jmeter.apache.org by bu...@apache.org on 2017/10/16 13:07:52 UTC
[Bug 61622] New: HTTP Authorization Manager: Colon in Username is
not rejected for BASIC_DIGEST
https://bz.apache.org/bugzilla/show_bug.cgi?id=61622
Bug ID: 61622
Summary: HTTP Authorization Manager: Colon in Username is not
rejected for BASIC_DIGEST
Product: JMeter
Version: 3.3
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: HTTP
Assignee: issues@jmeter.apache.org
Reporter: marius.spix@web.de
Target Milestone: ---
RFC 2617 does not allow usernames which include a colon ':', however, the HTTP
Authorization Manager does. This causes creation of nonsense Authorization
headers, as all parts of the username after the first colon are interpreted as
part of the password.
The HTTP Authorization Manager should reject usernames with a colon.
JMeter Version: 3.3 r1808647
--
You are receiving this mail because:
You are the assignee for the bug.