Geronimo
  1. Geronimo
  2. GERONIMO-3543

SQLLoginModule successfully authenticates non-existent users

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.0.1, 2.0.2, 2.1
    • Fix Version/s: 2.0.3, 2.1
    • Component/s: security
    • Security Level: public (Regular issues)
    • Labels:
      None
    • Patch Info:
      Patch Available
    • Regression:
      Regression

      Description

      Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

      1. GERONIMO-3543.patch
        3 kB
        Vamsavardhana Reddy

        Activity

        Hide
        Vamsavardhana Reddy added a comment -

        Completed: At revision: 587006
        o Fixed the LoginModule to throw FailedLoginException for non-existent user
        o Added a test to detect regression

        **: This commit can use a thorough review.

        Show
        Vamsavardhana Reddy added a comment - Completed: At revision: 587006 o Fixed the LoginModule to throw FailedLoginException for non-existent user o Added a test to detect regression **: This commit can use a thorough review.

          People

          • Assignee:
            Vamsavardhana Reddy
            Reporter:
            Jarek Gawor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development