[jira] [Updated] (QPID-8046) [CVE-2018-1298][Broker-J] Allow SASL mechanisms PLAIN and XOAUTH2 to not require initial response

Alex Rudyy (JIRA) Thu, 08 Feb 2018 15:08:45 -0800

     [ 
https://issues.apache.org/jira/browse/QPID-8046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Alex Rudyy updated QPID-8046:
-----------------------------
    Summary: [CVE-2018-1298][Broker-J] Allow SASL mechanisms PLAIN and XOAUTH2 
to not require initial response  (was: [Broker-J] Allow SASL mechanisms PLAIN 
and XOAUTH2 to not require initial response)

> [CVE-2018-1298][Broker-J] Allow SASL mechanisms PLAIN and XOAUTH2 to not 
> require initial response
> -------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8046
>                 URL: https://issues.apache.org/jira/browse/QPID-8046
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-7.0.1
>
>
> The current implementation of SASL mechanisms PLAIN and XOAUTH2 require from 
> client to provide an initial response. PLAIN and XOAUTH2 sasl mechanism 
> implementations should send challenge (empty bytes) if initial response is 
> not provided. See RFC4616.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (QPID-8046) [CVE-2018-1298][Broker-J] Allow SASL mechanisms PLAIN and XOAUTH2 to not require initial response

Reply via email to