Uploaded image for project: 'Accumulo'
  1. Accumulo
  2. ACCUMULO-2700

SecurityOperation.authenticateSystemUser fails to properly validate system user

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: None

      Description

      FindBugs found in the 1.6.0-SNAPSHOT branch that SecurityOperation.authenticateSystemUser(TCredentials credentials) does an improper comparison (equals) between AuthenticationToken and byte array.

      Additionally, upon visual inspection, it looks like the condition is not'd (missing a ! to throw the exception when the credentials don't match).

      The result appears to be that the system user is always authenticated, even if the credentials don't match. I haven't checked 1.5 yet to see if the bug applies there also.

        Attachments

          Activity

            People

            • Assignee:
              ctubbsii Christopher Tubbs
              Reporter:
              ctubbsii Christopher Tubbs
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: