Posted to dev@geronimo.apache.org by Vamsavardhana Reddy <va...@apache.org> on 2007/10/22 09:13:57 UTC

SQLLoginModule Security alert in Geronimo 2.0.2 and 2.0.1

Hi,

One of our committers, Jarek Gawor, has identified a security issue with
SQLLoginModule.  See the related JIRA
https://issues.apache.org/jira/browse/GERONIMO-3543 .  Authentication
succeeds with SQLLoginModule if logging in with a username that does not
exist in the database.  The issue affects the use of only Database (SQL)
Realms in released versions 2.0.1 and 2.0.2.  The issue has already been
fixed in the codebase and the fix will be available in the next release,
expected soon.

++Vamsi
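
The behaviour reported above (login succeeding for a username that is not in the database) is a fail-open check. The sketch below is an added illustration, not code from this post or from Geronimo: it assumes one way such a bug can arise, where the only rejection sits inside the loop over matching rows, and sets it beside a default-deny form. The table layout, function names and sample user are constructed.

```python
import hashlib
import hmac
import sqlite3

def _digest(password: str) -> bytes:
    # Constructed fixed salt keeps the sample short; real realms use a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

def make_db() -> sqlite3.Connection:
    # Constructed sample SQL realm holding a single user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _digest("correct horse")))
    return db

def login_fail_open(db, username, password) -> bool:
    # Assumed bug pattern: rejection happens only inside the row loop, so a
    # username with zero matching rows skips the loop and reaches "success".
    rows = db.execute("SELECT pw FROM users WHERE username = ?", (username,))
    for (stored,) in rows:
        if not hmac.compare_digest(stored, _digest(password)):
            return False
    return True

def login_fail_closed(db, username, password) -> bool:
    # Hardened form: deny by default, succeed only on an explicit match.
    row = db.execute("SELECT pw FROM users WHERE username = ?", (username,)).fetchone()
    # Hash before the existence check so both paths do similar work.
    candidate = _digest(password)
    if row is None:
        return False
    return hmac.compare_digest(row[0], candidate)

def regression_cases(login) -> dict:
    # The three cases a login module test suite should always cover.
    db = make_db()
    return {
        "valid": login(db, "alice", "correct horse"),
        "wrong_password": login(db, "alice", "guess"),
        "unknown_user": login(db, "nobody", "anything"),
    }

if __name__ == "__main__":
    print("fail-open  :", regression_cases(login_fail_open))
    print("fail-closed:", regression_cases(login_fail_closed))
```

The `unknown_user` case is the regression test that separates the two: a suite that only checks valid and wrong-password logins passes against both versions.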