  1. ActiveMQ Classic
  2. AMQ-5160

Wildcard subscriptions bypass Authentication / Authorization

Details

    Description

      I am using MQTT on AMQ 5.9.1.
      After the latest MQTT hardening from dhirajsb, there is an issue with MQTT retained messages.

      Simple case:
      Set Authentication / Authorization for two different TOPICS.
      Send a retained message to one topic.

      Try to subscribe to "#" with the other (second) user.
      It will show retained messages published by TOPIC 1.

      Here I have attached test configurations.

      Attachments

        1. activemq.xml
          3 kB
          Surf
        2. groups.properties
          1.0 kB
          Surf
        3. login.config
          1 kB
          Surf
        4. patch.txt
          11 kB
          Dejan Bosanac
        5. users.properties
          1.0 kB
          Surf
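
A simplified model of the reported behaviour and of the per-topic read check that prevents it, added here as an example: it is not ActiveMQ code and not the attached patch. The user names, topic names, payloads and ACL layout are constructed for illustration.

```python
# Added illustration (not ActiveMQ code): replay of retained messages must be
# authorized against each concrete topic, not only against the wildcard filter.

def topic_matches(topic_filter, topic):
    """MQTT topic-filter matching: '+' matches one level, '#' matches the rest."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_parts):
        if f == "#":
            return True                 # multi-level wildcard covers the remainder
        if i >= len(t_parts):
            return False                # filter is longer than the topic
        if f != "+" and f != t_parts[i]:
            return False                # literal level differs
    return len(f_parts) == len(t_parts)

# Constructed sample data: each user may read exactly one topic.
READ_ACL = {"user1": ["topic1"], "user2": ["topic2"]}
RETAINED = {"topic1": b"retained-for-user1", "topic2": b"retained-for-user2"}

def can_read(user, topic):
    """True if any of the user's allowed filters covers this concrete topic."""
    return any(topic_matches(f, topic) for f in READ_ACL.get(user, []))

def replay_unchecked(user, sub_filter):
    """Models the report: every retained message matching the filter is sent."""
    return {t: m for t, m in RETAINED.items() if topic_matches(sub_filter, t)}

def replay_checked(user, sub_filter):
    """Hardened form: each matching retained topic is checked against the ACL."""
    return {t: m for t, m in RETAINED.items()
            if topic_matches(sub_filter, t) and can_read(user, t)}

if __name__ == "__main__":
    print("unchecked:", sorted(replay_unchecked("user2", "#")))
    print("checked:  ", sorted(replay_checked("user2", "#")))
```

The same per-topic check belongs in a regression test for the broker configuration: subscribe with each user to "#" and assert that only topics in that user's read ACL are delivered.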

            People

              dejanb Dejan Bosanac
              surfnerd Surf
              Votes: 0
              Watchers: 5
