Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: qpid-java-broker-7.0.0
Description
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in the functionality for authenticating connections on AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected.
Authentication Providers of the following types support the PLAIN SASL mechanism:
- Plain
- PlainPasswordFile
- SimpleLDAP
- Base64MD5PasswordFile
- MD5
- SCRAM-SHA-256
- SCRAM-SHA-1
The XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2.
If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable.
The current implementations of the PLAIN and XOAUTH2 SASL mechanisms require the client to supply an initial response and do not handle its absence. Instead, when no initial response is provided, the PLAIN and XOAUTH2 implementations should send an empty challenge (zero-length bytes) and accept the credentials in the client's next message. See RFC 4616.
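The following is an added example (not Broker-J code) showing the server side of the exchange described above: a PLAIN mechanism that handles both a client that sends its credentials as the initial response and one that omits it, in which case the server replies with an empty challenge as RFC 4616 requires. An illustrative `FragilePlainServer` that assumes the initial response is always present is included only to show the failure class; it is not the broker's implementation. The user table, class and function names, and all client messages are constructed for this example.

```python
"""Server-side SASL PLAIN handling per RFC 4616 (added example, not Broker-J code).

A client may start PLAIN in two ways:
  1. with an initial response carrying "authzid NUL authcid NUL passwd", or
  2. without one, in which case the server must reply with a zero-length
     challenge and accept the credentials in the client's next message.
Credentials, user table and messages below are constructed for the example.
"""

import hmac
from typing import Iterable, Optional, Tuple

# Constructed user database (authcid -> password). A real broker would delegate
# to its Authentication Provider (PlainPasswordFile, SimpleLDAP, ...) here.
USERS = {"guest": "guest", "admin": "s3cr3t"}


def parse_plain(message: bytes) -> Tuple[str, str, str]:
    """Split 'authzid NUL authcid NUL passwd' (RFC 4616 section 2).

    Raises ValueError on malformed input so the caller can fail the
    authentication cleanly instead of letting an IndexError escape.
    """
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


class FragilePlainServer:
    """Illustrative handler that assumes an initial response is always present.

    Hypothetical, NOT the Broker-J implementation: a client that selects PLAIN
    without an initial response makes this raise an unhandled exception.
    """

    def process(self, initial_response: Optional[bytes]) -> bool:
        # None has no .split -> AttributeError propagates to the caller.
        _, authcid, passwd = parse_plain(initial_response)
        expected = USERS.get(authcid, "")
        return hmac.compare_digest(expected.encode(), passwd.encode())


class PlainServer:
    """RFC 4616 conformant handler: empty challenge when no initial response."""

    def __init__(self) -> None:
        self.challenged = False   # have we already sent the empty challenge?
        self.complete = False     # has the exchange finished (success or failure)?
        self.authcid: Optional[str] = None  # set only on successful authentication

    def process(self, response: Optional[bytes]) -> Optional[bytes]:
        """Consume one client message; return the next challenge or None when done."""
        if self.complete:
            raise ValueError("exchange already completed")
        if not response:
            if not self.challenged:
                # No initial response: send a zero-length challenge (RFC 4616).
                self.challenged = True
                return b""
            # Client answered our challenge with nothing: fail, do not loop.
            self.complete = True
            return None
        self.complete = True
        try:
            authzid, authcid, passwd = parse_plain(response)
        except (ValueError, UnicodeDecodeError):
            return None  # malformed credentials: auth fails, connection survives
        expected = USERS.get(authcid)
        if expected is not None and hmac.compare_digest(expected.encode(), passwd.encode()):
            # This example only permits an empty authzid or one equal to authcid.
            if authzid in ("", authcid):
                self.authcid = authcid
        return None


def authenticate(messages: Iterable[Optional[bytes]]) -> Tuple[bool, Optional[str]]:
    """Drive a PlainServer with a sequence of client messages (first may be None)."""
    server = PlainServer()
    for msg in messages:
        server.process(msg)
        if server.complete:
            break
    return server.authcid is not None, server.authcid


def fragile_outcome(initial_response: Optional[bytes]) -> str:
    """Report how FragilePlainServer reacts: 'ok', 'denied' or the exception name."""
    try:
        return "ok" if FragilePlainServer().process(initial_response) else "denied"
    except Exception as exc:  # noqa: BLE001 - we want the raw failure class here
        return type(exc).__name__
```

`authenticate([b"\x00guest\x00guest"])` succeeds in one message, while `authenticate([None, b"\x00admin\x00s3cr3t"])` first yields the empty challenge and then succeeds; the fragile variant raises on the `None` case, which is the behaviour the mechanism must avoid.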