[
https://issues.apache.org/jira/browse/AMQ-7491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
wang Jessie updated AMQ-7491:
-----------------------------
Description:
*Description:* Two client with the same Container-Id are not allowed to connect
to the broker. When we send *two OPEN packet with same the Container-Id*, the
broker will return error and the client will close the TCP connection. The
client with this Container-Id will *never be able to connect with the broker*
unless the broker resets. This vulnerability can be exploited by the adversary
to perform the aforementioned attacks on many Container-Id to make a huge set
of clients unable to connect with the broker. As the ActiveMQ are widely
adopted by the IoT vendors, this can be a vulnerability affected a wide range.
Following are the details.
We send *two OPEN packets with the same Container-Id 1* and we can learn from
the log A in the attached picture in the broker side that the broker returned
close packets and *the client closed this TCP connection with the broker.*
Then we build a new client to connect with the broker using the same
Container-Id 1, we can learn from the log B in the attached pictur that the
broker returned errors as the broker believe the client with Container-Id 1
already connected.
*Suggestion for repair:* May be the state of the broker after received two OPEN
packets could be checked and the connection state of the client could be
updated when the TCP connection is closed.
:)I hope what I found can do some help and if you want further discussion,
please email me by [[email protected]|mailto:[email protected]].
Thanks for spending your time on my issue.
was:
*Description:* Two client with the same Container-Id are not allowed to connect
to the broker. When we send *two OPEN packet with same the Container-Id*, the
broker will return error and the client will close the TCP connection. The
client with this Container-Id will *never be able to connect with the broker*
unless the broker resets. This vulnerability can be exploited by the adversary
to perform the aforementioned attacks on many Container-Id to make a huge set
of clients unable to connect with the broker. As the ActiveMQ are widely
adopted by the IoT vendors, this can be a vulnerability affected a wide range.
Following are the details.
We send *two OPEN packets with the same Container-Id 1* and we can learn from
the log A in the attached picture in the broker side that the broker returned
close packets and the client closed this TCP connection with the broker.
Then we build a new client to connect with the broker using the same
Container-Id 1, we can learn from the log B in the attached pictur that the
broker returned errors as the broker believe the client with Container-Id 1
already connected.
*Suggestion for repair:* May be the state of the broker after received two OPEN
packets could be checked and the connection state of the client could be
updated when the TCP connection is closed.
:)I hope what I found can do some help and if you want further discussion,
please email me by [[email protected]|mailto:[email protected]].
Thanks for spending your time on my issue.
> ActiveMQ illegal occupation vulnerability
> -----------------------------------------
>
> Key: AMQ-7491
> URL: https://issues.apache.org/jira/browse/AMQ-7491
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP, Broker
> Affects Versions: 5.15.12
> Environment: We build a script used JavaScript to interact with the
> broker in ActiveMQ 5.15.12.
> The experiment is performed on Windows10 1903 version.
> Reporter: wang Jessie
> Priority: Major
> Labels: security
> Attachments: 1590234052205.png
>
>
> *Description:* Two client with the same Container-Id are not allowed to
> connect to the broker. When we send *two OPEN packet with same the
> Container-Id*, the broker will return error and the client will close the TCP
> connection. The client with this Container-Id will *never be able to connect
> with the broker* unless the broker resets. This vulnerability can be
> exploited by the adversary to perform the aforementioned attacks on many
> Container-Id to make a huge set of clients unable to connect with the broker.
> As the ActiveMQ are widely adopted by the IoT vendors, this can be a
> vulnerability affected a wide range.
> Following are the details.
> We send *two OPEN packets with the same Container-Id 1* and we can learn from
> the log A in the attached picture in the broker side that the broker returned
> close packets and *the client closed this TCP connection with the broker.*
> Then we build a new client to connect with the broker using the same
> Container-Id 1, we can learn from the log B in the attached pictur that the
> broker returned errors as the broker believe the client with Container-Id 1
> already connected.
> *Suggestion for repair:* May be the state of the broker after received two
> OPEN packets could be checked and the connection state of the client could be
> updated when the TCP connection is closed.
>
> :)I hope what I found can do some help and if you want further discussion,
> please email me by [[email protected]|mailto:[email protected]].
> Thanks for spending your time on my issue.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
