wang Jessie created AMQ-7491:
--------------------------------
Summary: ActiveMQ illegal occupation vulnerability
Key: AMQ-7491
URL: https://issues.apache.org/jira/browse/AMQ-7491
Project: ActiveMQ
Issue Type: Bug
Components: AMQP, Broker
Affects Versions: 5.15.12
Environment: We build a script used JavaScript to interact with the
broker in ActiveMQ 5.15.12.
The experiment is performed on Windows10 1903 version.
Reporter: wang Jessie
Attachments: 1590234052205.png
*Description:* Two client with the same Container-Id are not allowed to connect
to the broker. When we send *two OPEN packet with same the Container-Id*, the
broker will return error and the client will close the TCP connection. The
client with this Container-Id will *never be able to connect with the broker*
unless the broker resets. This vulnerability can be exploited by the adversary
to perform the aforementioned attacks on many Container-Id to make a huge set
of clients unable to connect with the broker. As the ActiveMQ are widely
adopted by the IoT vendors, this can be a vulnerability affected a wide range.
Following are the details.
We send *two OPEN packets with the same Container-Id 1* and we can learn from
the log A in the attached picture in the broker side that the broker returned
close packets and the client closed this TCP connection with the broker.
Then we build a new client to connect with the broker using the same
Container-Id 1, we can learn from the log B in the attached pictur that the
broker returned errors as the broker believe the client with Container-Id 1
already connected.
*Suggestion for repair:* May be the state of the broker after received two OPEN
packets could be checked and the connection state of the client could be
updated when the TCP connection is closed.
:)I hope what I found can do some help and if you want further discussion,
please email me by [[email protected]|mailto:[email protected]].
Thanks for spending your time on my issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
