.NET 0-8 clients fail to connect with some valid passwords
----------------------------------------------------------
Key: QPID-3158
URL: https://issues.apache.org/jira/browse/QPID-3158
Project: Qpid
Issue Type: Bug
Components: Dot Net Client, Java Broker
Affects Versions: 0.5, 0.11
Environment: Qpid .NET 0-8 client
Reporter: Keith Wall
Assignee: Keith Wall
There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker
that prevents some passwords from being used to connect from the Qpid 0-8 .Net
client. The defect does not affect authentications using the same password from
the Java client as it connects using a different SASL mechanism.
The defect seemingly affects about 30% of all possible passwords. It shows no
bias towards strong/weak passwords as the defect in the mechanism is after the
cleartext has been MD5 digested.
The client sees a 503 exception (Apache.Qpid.Client.AMQAuthenticationException:
not allowed) from the new AMQConnection(QpidConnectionInfo) constructor.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
