  1. ActiveMQ Classic
  2. AMQ-5160

Wildcard subscriptions bypass Authentication / Authorization


Details

    Description

      I am using MQTT on AMQ 5.9.1.
      After the latest MQTT hardening from Dhiraj Sureshkumar Bokde, there is an issue with MQTT retained messages.

      Simple case:
      Set Authentication / Authorization for two different TOPICS.
      Send a retained message to one topic.

      Try to subscribe to "#" with the other, second user.
      It will show retained messages published by TOPIC 1.

      Here I have attached test configurations.

      Attachments

        1. activemq.xml (3 kB, Surf)
        2. groups.properties (1.0 kB, Surf)
        3. login.config (1 kB, Surf)
        4. users.properties (1.0 kB, Surf)
        5. patch.txt (11 kB, Dejan Bosanac)
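
The behaviour reported above, reduced to a small model for regression checking. This is an added example, not ActiveMQ code and not the contents of patch.txt; the topic, user and group names and the ACL layout are constructed assumptions. It contrasts replaying retained messages on filter match alone with authorizing each concrete topic for the subscriber first.

```python
# Constructed model of retained-message replay on an MQTT broker (not ActiveMQ code).

def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

# Constructed sample data: two topics, each readable by one group only.
READ_ACL = {"TOPIC1": {"group1"}, "TOPIC2": {"group2"}}
USER_GROUPS = {"user1": {"group1"}, "user2": {"group2"}}
RETAINED = {"TOPIC1": b"retained for group1", "TOPIC2": b"retained for group2"}

def can_read(user, topic):
    """True if any ACL entry covering this concrete topic grants one of the user's groups."""
    groups = USER_GROUPS.get(user, set())
    return any(topic_matches(f, topic) and groups & allowed
               for f, allowed in READ_ACL.items())

def replay_unchecked(user, sub_filter):
    """Reported behaviour: replay every retained message the filter matches.
    The subscriber identity is never consulted."""
    return {t: m for t, m in RETAINED.items() if topic_matches(sub_filter, t)}

def replay_checked(user, sub_filter):
    """Authorize each concrete retained topic for the subscriber before replay."""
    return {t: m for t, m in RETAINED.items()
            if topic_matches(sub_filter, t) and can_read(user, t)}

if __name__ == "__main__":
    print("unchecked:", sorted(replay_unchecked("user2", "#")))
    print("checked:  ", sorted(replay_checked("user2", "#")))
```
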


          People

            dejanb Dejan Bosanac
            surfnerd Surf