[ https://issues.apache.org/jira/browse/QPID-8046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Rudyy updated QPID-8046:
-----------------------------
    Summary: [CVE-2018-1298][Broker-J] Broker can be crashed when SASL 
mechanisms PLAIN and XOAUTH2 are used for authentication of connections for 
AMQP protocols 0-8, 0-9, 0-91 and 0-10  (was: [CVE-2018-1298][Broker-J] Allow 
SASL mechanisms PLAIN and XOAUTH2 to not require initial response)

> [CVE-2018-1298][Broker-J] Broker can be crashed when SASL mechanisms PLAIN 
> and XOAUTH2 are used for authentication of connections for AMQP protocols 
> 0-8, 0-9, 0-91 and 0-10
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8046
>                 URL: https://issues.apache.org/jira/browse/QPID-8046
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-7.0.1
>
>
> A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in 
> functionality for authentication of connections for AMQP protocols 0-8, 0-9, 
> 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The 
> vulnerability allows an unauthenticated attacker to crash the broker 
> instance. AMQP 1.0 and HTTP connections are not affected.
> Authentication Providers of the following types support the PLAIN SASL 
> mechanism:
> * Plain
> * PlainPasswordFile
> * SimpleLDAP
> * Base64MD5PasswordFile
> * MD5
> * SCRAM-SHA-256
> * SCRAM-SHA-1
> The XOAUTH2 SASL mechanism is supported by Authentication Providers of type 
> OAuth2.
> If an AMQP port is configured with any of these Authentication Providers, the 
> Broker may be vulnerable.
> The current implementation of SASL mechanisms PLAIN and XOAUTH2 requires the 
> client to provide an initial response. PLAIN and XOAUTH2 SASL mechanism 
> implementations should send a challenge (empty bytes) if an initial response 
> is not provided. See RFC 4616.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
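
The behaviour the description asks for, a server-side PLAIN step that answers a missing initial response with an empty challenge and then parses the RFC 4616 message, shown as an added example that is not Broker-J's code. The class name `PlainNegotiator`, the `credentialCheck` callback and the sample credentials are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.function.BiPredicate;
/** Hypothetical server-side SASL PLAIN step handler (RFC 4616); not Broker-J code. */
public class PlainNegotiator {
    public enum State { AWAITING_RESPONSE, AUTHENTICATED, FAILED }
    private final BiPredicate<String, String> credentialCheck; // assumed credential lookup
    private State state = State.AWAITING_RESPONSE;
    private boolean challengeSent;
    public PlainNegotiator(BiPredicate<String, String> credentialCheck) {
        this.credentialCheck = credentialCheck;
    }
    public State getState() { return state; }

    /** Returns the next challenge to send, or null once the exchange has finished. */
    public byte[] handleResponse(byte[] response) {
        if (state != State.AWAITING_RESPONSE) {
            throw new IllegalStateException("exchange already finished");
        }
        // No initial response: send one empty challenge instead of failing on it.
        if ((response == null || response.length == 0) && !challengeSent) {
            challengeSent = true;
            return new byte[0];
        }
        state = verify(response) ? State.AUTHENTICATED : State.FAILED;
        return null;
    }

    // message = [authzid] NUL authcid NUL passwd
    private boolean verify(byte[] response) {
        int first = response == null ? -1 : indexOf(response, 0);
        int second = first < 0 ? -1 : indexOf(response, first + 1);
        if (second < 0 || indexOf(response, second + 1) >= 0) return false; // malformed
        String authcid = new String(response, first + 1, second - first - 1, StandardCharsets.UTF_8);
        String passwd = new String(response, second + 1, response.length - second - 1, StandardCharsets.UTF_8);
        return !authcid.isEmpty() && !passwd.isEmpty() && credentialCheck.test(authcid, passwd);
    }

    private static int indexOf(byte[] data, int from) {
        for (int i = from; i < data.length; i++) { if (data[i] == 0) return i; }
        return -1;
    }

    public static void main(String[] args) {
        PlainNegotiator n = new PlainNegotiator((u, p) -> u.equals("guest") && p.equals("secret")); // constructed credentials
        byte[] challenge = n.handleResponse(null); // client sent no initial response
        n.handleResponse("\0guest\0secret".getBytes(StandardCharsets.UTF_8));
        System.out.println(challenge.length + " " + n.getState());
    }
}
```

A second empty response after the challenge is treated as a failed authentication, so a client cannot keep the exchange open indefinitely.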
