You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@jmeter.apache.org by bu...@apache.org on 2017/10/16 13:07:52 UTC

[Bug 61622] New: HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST

https://bz.apache.org/bugzilla/show_bug.cgi?id=61622

            Bug ID: 61622
           Summary: HTTP Authorization Manager: Colon in Username is not
                    rejected for BASIC_DIGEST
           Product: JMeter
           Version: 3.3
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTTP
          Assignee: issues@jmeter.apache.org
          Reporter: marius.spix@web.de
  Target Milestone: ---

RFC 2617 does not allow usernames which include a colon ':', however, the HTTP
Authorization Manager does. This causes creation of nonsense Authorization
headers, as all parts of the username after the first colon are interpreted as
part of the password.

The HTTP Authorization Manager should reject usernames with a colon.

JMeter Version: 3.3 r1808647

-- 
You are receiving this mail because:
You are the assignee for the bug.