Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-262

WSS4J accepts Timestamps that are "Created" in the future

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.10
    • 1.6, 1.5.11
    • WSS4J Axis Integration
    • None

    Description


      The Timestamp processor accepts Timestamps that are "Created" in the future. This is not good as it could lead to replay attacks.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. CXF-3208 Timestamp validation in ws-security

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. WSS-274 Add support for allowing future-dated Timestamps

          • Major - Major loss of function.
          • Closed

          Activity

            People

              coheigea Colm O hEigeartaigh
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: