[QPID-3158] .NET 0-8 clients fail to connect with some valid passwords - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11
Fix Version/s: 0.11
Component/s: .NET Client, Broker-J
Labels:
None
Environment:

Qpid .NET 0-8 client

Description

There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker that prevents some passwords from being used to connect from the Qpid 0-8 .Net client. The defect does not affect authentications using the same password from the Java client as it connects using a different SASL mechanism.

The defect seemingly affects about 30% of all possible passwords. It shows no bias towards strong/weak passwords as the defect in the mechanism is after the cleartext has been MD5 digested.

The client sees a 503 exception (Apache.Qpid.Client.AMQAuthenticationException: not allowed) from the new AMQConnection(QpidConnectionInfo) constructor.

Attachments

0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM_trunk.patch
22/Mar/11 08:07
14 kB
Keith Wall
0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch
21/Mar/11 18:02
20 kB
Keith Wall

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Robbie Gemmell

Reporter:: Keith Wall

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Mar/11 09:00

Updated:: 29/Jul/13 18:54

Resolved:: 31/Mar/11 13:27

Agile

View on Board

.NET 0-8 clients fail to connect with some valid passwords

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment