Tomas Eduardo Fernandez Lobbe created SOLR-15961:
----------------------------------------------------
Summary: PKIAuthenticationPlugin.parseCipher is too lenient,
causing unnecessary authentication errors
Key: SOLR-15961
URL: https://issues.apache.org/jira/browse/SOLR-15961
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Tomas Eduardo Fernandez Lobbe
It will accept an input {{SolrAuth}} header as valid with an invalid/outdated
public key as long as the output of {{CryptoKeys.decryptRSA}} ends with a space
followed by a number. It will interpret the number as a (very small) timestamp,
which will cause the request to fail with 401, instead of re-fetching the
public key from the remote host.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
