Solr / SOLR-15961

PKIAuthenticationPlugin.parseCipher is too lenient, causing unnecessary authentication errors


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 9.0, 8.11.2, main (10.0)

    Description

      It will accept an input SolrAuth header as valid with an invalid/outdated public key as long as the output of CryptoKeys.decryptRSA ends with a space followed by a number. It will interpret the number as a (very small) timestamp, which will cause the request to fail with 401, instead of re-fetching the public key from the remote host.
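
The failure mode described above, as an added example that is not Solr's own code: a lenient parser turns wrong-key output into a header with a tiny timestamp, so the receiver answers 401 instead of refreshing the key. The class and method names, the `user timestamp` payload layout, the 13-digit timestamp rule, the 5-second TTL and the sample bytes are all assumptions made for illustration (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.util.Optional;

// Added illustration, not Solr source: names, payload layout and TTL are assumptions.
public class ParseCipherDemo {
  record Header(String user, long timestamp) {}

  // Lenient: anything ending in " <number>" counts as a successfully decrypted header.
  static Optional<Header> parseLenient(byte[] plain) {
    String s = new String(plain, StandardCharsets.UTF_8);
    int sp = s.lastIndexOf(' ');
    if (sp < 0) return Optional.empty();
    try {
      return Optional.of(new Header(s.substring(0, sp), Long.parseLong(s.substring(sp + 1))));
    } catch (NumberFormatException e) {
      return Optional.empty();
    }
  }

  // Stricter (assumed rule): the timestamp must be exactly 13 ASCII digits (epoch millis).
  static Optional<Header> parseStrict(byte[] plain) {
    String s = new String(plain, StandardCharsets.UTF_8);
    int sp = s.lastIndexOf(' ');
    if (sp < 0 || !s.substring(sp + 1).matches("[0-9]{13}")) return Optional.empty();
    return Optional.of(new Header(s.substring(0, sp), Long.parseLong(s.substring(sp + 1))));
  }

  // Receiver decision: an unparseable header means "key may be stale, refetch it";
  // a parsed header with an old timestamp is rejected outright.
  static String decide(Optional<Header> h, long nowMs, long ttlMs) {
    if (h.isEmpty()) return "REFETCH_KEY_AND_RETRY";
    return nowMs - h.get().timestamp() > ttlMs ? "401" : "OK";
  }

  public static void main(String[] args) {
    long now = System.currentTimeMillis();
    // Constructed stand-in for bytes produced by decrypting with an outdated key.
    byte[] garbage = {(byte) 0x9c, 0x41, (byte) 0xf3, 0x07, ' ', '7'};
    byte[] good = ("solr " + now).getBytes(StandardCharsets.UTF_8);

    System.out.println("lenient/garbage: " + decide(parseLenient(garbage), now, 5000));
    System.out.println("strict/garbage:  " + decide(parseStrict(garbage), now, 5000));
    System.out.println("strict/good:     " + decide(parseStrict(good), now, 5000));
  }
}
```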


            People

              tflobbe Tomas Eduardo Fernandez Lobbe