[
https://issues.apache.org/jira/browse/AMQ-7491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17118702#comment-17118702
]
wang Jessie commented on AMQ-7491:
----------------------------------
I am willing to share my script. Can I send you by email? Because I am not
decided to make the script public.
> ActiveMQ illegal occupation vulnerability
> -----------------------------------------
>
> Key: AMQ-7491
> URL: https://issues.apache.org/jira/browse/AMQ-7491
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP, Broker
> Affects Versions: 5.15.12
> Environment: We build a script used JavaScript to interact with the
> broker in ActiveMQ 5.15.12.
> The experiment is performed on Windows10 1903 version.
> Reporter: wang Jessie
> Priority: Blocker
> Labels: security
> Attachments: 1590234052205.png
>
>
> *Description:* Two client with the same Container-Id are not allowed to
> connect to the broker. When we send *two OPEN packet with same the
> Container-Id*, the broker will return error and the client will close the TCP
> connection. The client with this Container-Id will *never be able to connect
> with the broker* unless the broker resets. This vulnerability can be
> exploited by the adversary to perform the aforementioned attacks on many
> Container-Id to make a huge set of clients unable to connect with the broker.
> As the ActiveMQ are widely adopted by the IoT vendors, this can be a
> vulnerability affected a wide range.
> Following are the details.
> We send *two OPEN packets with the same Container-Id 1* and we can learn from
> the log A in the attached picture in the broker side that the broker returned
> close packets and the client closed this TCP connection with the broker.
> Then we build a new client to connect with the broker using the same
> Container-Id 1, we can learn from the log B in the attached pictur that the
> broker returned errors as the broker believe the client with Container-Id 1
> already connected.
> *Suggestion for repair:* May be the state of the broker after received two
> OPEN packets could be checked and the connection state of the client could be
> updated when the TCP connection is closed.
>
> :)I hope what I found can do some help and if you want further discussion,
> please email me by [[email protected]|mailto:[email protected]].
> Thanks for spending your time on my issue.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
