ActiveMQ .Net / AMQNET-415

Client with wrong credentials overloads server when using failover

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.6
    • Fix Version/s: 1.5.7
    • Component/s: ActiveMQ, NMS
    • Environment:

      ActiveMQ Broker 5.6.0

      Description

      If the ActiveMQ broker has been secured to enforce login credentials, the NMS client will continually attempt to authenticate against it if it is using the failover protocol.

      Steps to Reproduce:
      ----------------------
      1. Configure the broker to require login credentials for connections.
      2. Configure the NMS client to use failover mode.
      3. Configure the NMS client with incorrect login credentials.
      4. Attempt to connect the NMS client to the server.

      Results:
      ----------------------
      The client reattempts login continuously without backing off, and has a significant impact on the performance of the server.

      Expected:
      ----------------------
      The client should not enter failover, because it never successfully connected, and it would never expect to connect.

      Notes:
      ----------------------
      This was experienced using the OpenWire client, but a similar bug may exist in the STOMP client's failover code.
      The broker may also want to protect itself against this, as this is an easy attack vector for a DDoS. Just a couple of clients attempting to log in with invalid credentials can dramatically impact the server's performance, not just the broker.
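
The expected behaviour above, sketched as a reconnect loop (an added example, not code from the NMS client or its fix): rejected credentials are treated as permanent and stop the loop, while transport failures are retried with capped exponential backoff. `Reconnector`, `TransportException` and `AuthenticationException` are hypothetical names, and the two scenarios in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;

// Hypothetical stand-ins for the client's transport and security errors.
class TransportException : Exception { public TransportException(string m) : base(m) { } }
class AuthenticationException : Exception { public AuthenticationException(string m) : base(m) { } }

static class Reconnector
{
    // Runs `attempt` until it succeeds; returns the delays (ms) waited between tries.
    public static List<int> Connect(Action attempt, int maxAttempts = 6, int initialDelayMs = 100,
                                    int maxDelayMs = 5000, Action<int> sleep = null)
    {
        if (sleep == null) sleep = ms => Thread.Sleep(ms);
        var delays = new List<int>();
        int delay = initialDelayMs;
        for (int i = 1; i <= maxAttempts; i++)
        {
            try { attempt(); return delays; }
            catch (AuthenticationException)
            {
                throw; // rejected credentials are permanent: no retry, no failover
            }
            catch (TransportException) when (i < maxAttempts)
            {
                delays.Add(delay);
                sleep(delay);
                delay = Math.Min(delay * 2, maxDelayMs); // capped exponential backoff
            }
        }
        throw new TransportException("no connection attempts permitted");
    }
}

static class Program
{
    static void Main()
    {
        int calls = 0;
        // Constructed scenario 1: broker unreachable twice, then accepts the connection.
        var waits = Reconnector.Connect(
            () => { if (++calls < 3) throw new TransportException("broker unreachable"); },
            sleep: ms => { });
        Console.WriteLine($"transport: {calls} attempts, waits(ms) = {string.Join(",", waits)}");

        calls = 0;
        // Constructed scenario 2: broker rejects the credentials on the first attempt.
        try { Reconnector.Connect(() => { calls++; throw new AuthenticationException("bad credentials"); }, sleep: ms => { }); }
        catch (AuthenticationException e) { Console.WriteLine($"auth: {calls} attempt(s), stopped: {e.Message}"); }
    }
}
```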

            People

            • Assignee: Jim Gomes (jgomes)
            • Reporter: Jim Gomes (jgomes)