  1. WSS4J
  2. WSS-533

Also use signing key when trying to detect message replay attacks

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.4, 1.6.19, 2.1.0
    • Component/s: None
    • Labels: None

      Description


      Currently we use the Timestamp created value + signature value as a key to avoid message replay attacks. However, it's possible that we could have two signatures in the security header that sign the Timestamp, but with different keys. This task is to add the hashed encoded version of the key as part of the caching key to allow for this scenario.
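
The cache key described above, as an added example that is not WSS4J's own code. The class and method names, the SHA-256 digest, the `|` separator and the in-memory map are assumptions, and the timestamp, signature and key bytes are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical names throughout), not the project's implementation.
public class ReplayCacheDemo {
    // identifier -> expiry time; stand-in for a real replay cache
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /** Timestamp Created value + signature value + hash of the encoded signing key. */
    static String identifier(String created, byte[] signatureValue, byte[] encodedKey)
            throws NoSuchAlgorithmException {
        Base64.Encoder b64 = Base64.getEncoder();
        // Assumption: SHA-256 over the key's encoded form (what Key.getEncoded() returns)
        byte[] keyHash = MessageDigest.getInstance("SHA-256").digest(encodedKey);
        // '|' cannot occur in Base64 output, so the three parts stay unambiguous
        return created + "|" + b64.encodeToString(signatureValue)
                + "|" + b64.encodeToString(keyHash);
    }

    /** Returns true if the identifier was already recorded and has not expired. */
    boolean isReplay(String id, Instant now, Instant expires) {
        seen.values().removeIf(exp -> !exp.isAfter(now)); // purge expired entries
        return seen.putIfAbsent(id, expires) != null;     // non-null means seen before
    }

    public static void main(String[] args) throws Exception {
        ReplayCacheDemo cache = new ReplayCacheDemo();
        // Constructed sample values; keyA/keyB stand in for two keys' encoded bytes
        String created = "2015-01-01T00:00:00Z";
        Instant now = Instant.parse(created);
        Instant expires = now.plusSeconds(300);
        byte[] sig = "constructed-signature-value".getBytes(StandardCharsets.UTF_8);
        byte[] keyA = "constructed-encoded-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] keyB = "constructed-encoded-key-B".getBytes(StandardCharsets.UTF_8);

        String idA = identifier(created, sig, keyA);
        String idB = identifier(created, sig, keyB);
        System.out.println("first, key A:  " + cache.isReplay(idA, now, expires));
        System.out.println("replay, key A: " + cache.isReplay(idA, now.plusSeconds(10), expires));
        // Same Created and signature bytes, different key: a separate cache entry
        System.out.println("first, key B:  " + cache.isReplay(idB, now.plusSeconds(10), expires));
    }
}
```

An entry only needs to live until the Timestamp itself expires, because a message replayed after that point fails the Timestamp validity check rather than the cache lookup.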


          People

          • Assignee: coheigea Colm O hEigeartaigh
          • Reporter: coheigea Colm O hEigeartaigh