[
https://issues.apache.org/jira/browse/QPID-3158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-3158:
-----------------------------
Attachment: 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch
This is a patch that addresses the issue on the trunk. It includes a unit test
for the CRAM-MD5-HEX mechanism.
> .NET 0-8 clients fail to connect with some valid passwords
> ----------------------------------------------------------
>
> Key: QPID-3158
> URL: https://issues.apache.org/jira/browse/QPID-3158
> Project: Qpid
> Issue Type: Bug
> Components: Dot Net Client, Java Broker
> Affects Versions: 0.5, 0.11
> Environment: Qpid .NET 0-8 client
> Reporter: Keith Wall
> Assignee: Keith Wall
> Attachments:
> 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch,
> 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch
>
>
> There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker
> that prevents some passwords from being used to connect from the Qpid 0-8
> .Net client. The defect does not affect authentications using the same
> password from the Java client as it connects using a different SASL mechanism.
> The defect seemingly affects about 30% of all possible passwords. It shows no
> bias towards strong/weak passwords as the defect in the mechanism is after
> the cleartext has been MD5 digested.
> The client sees a 503 exception
> (Apache.Qpid.Client.AMQAuthenticationException: not allowed) from the new
> AMQConnection(QpidConnectionInfo) constructor.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
