Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11
-
None
-
Qpid .NET 0-8 client
Description
There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker that prevents some passwords from being used to connect from the Qpid 0-8 .Net client. The defect does not affect authentications using the same password from the Java client as it connects using a different SASL mechanism.
The defect seemingly affects about 30% of all possible passwords. It shows no bias towards strong/weak passwords as the defect in the mechanism is after the cleartext has been MD5 digested.
The client sees a 503 exception (Apache.Qpid.Client.AMQAuthenticationException: not allowed) from the new AMQConnection(QpidConnectionInfo) constructor.