[CXF-4718] UsernameTokenInterceptor is not caching nonces - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.7, 2.6.4, 2.7.1
Fix Version/s: 2.5.8, 2.6.5, 2.7.2
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

The UsernameTokenInterceptor, which is used to send + process WS-Security UsernameTokens using a streaming implementation rather than WSS4J, is not caching nonces, and hence is vulnerable to replay attacks.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Dec/12 10:31

Updated:: 28/Feb/13 17:27

Resolved:: 21/Dec/12 11:46