Uploaded image for project: 'Qpid JMS'
  1. Qpid JMS
  2. QPIDJMS-260

SCRAM SASL should verify the server-final message

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • None
    • None
    • qpid-jms-client
    • None

    Description

      QPID-7282 addressed the issue that the Java Broker was not sending the server-final message in the SCRAM-* SASL exchange, however this omission was not causing the clients to fail, since they blindly accept the server's acceptance of their credentials.

      Clients implementing SCRAM-* or similar protocols which include a client verification step, should perform the verification of the server and fail or warn (to be configured by a system property) if the verification does not occur or it fails.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QPIDJMS-294 The SCRAM-SHA-* SASL mechanisms should verify the server final message if it is sent in the additional-data field of sasl-outcome

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. QPID-7292 Qpid clients should verify the server-final message when using SCRAM-* authentication

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              kwall Keith Wall
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: