[WICKET-5855] RememberMe functionality seems to be broken after the change of the default crypt factory - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 7.0.0-M5, 6.19.0
Fix Version/s: 6.20.0, 7.0.0-M6
Component/s: wicket-auth-roles
Labels:
None

Description

The fix for CVE-2014-7808 seems to break the "rememberMe" functionality in wicket-auth-roles.
DefaultAuthenticationStrategy uses the crypt factory to encrypt the user credentials. After restart of the application a new crypt factory is created with a new secret key. Now it is not possible to decrypt the saved credentials.

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Martin Tzvetanov Grigorov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Mar/15 22:25

Updated:: 30/Mar/15 19:10

Resolved:: 30/Mar/15 19:10