[
https://issues.apache.org/jira/browse/KAFKA-7915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16765088#comment-16765088
]
Ron Dagostino commented on KAFKA-7915:
--------------------------------------
Is this the offending line?
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslServerAuthenticator.java#L471
> SASL authentication failures may return sensitive data to client
> ----------------------------------------------------------------
>
> Key: KAFKA-7915
> URL: https://issues.apache.org/jira/browse/KAFKA-7915
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Critical
> Fix For: 2.2.0
>
>
> There was a regression from the commit
> https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787
> which added the error message from SaslException thrown by the server during
> authentication into the error response returned to clients. Since this
> exception may contain sensitive data (e.g. indicating that a user exists but
> password match failed), we should not return the error to clients. We have a
> separate exception (`AuthenticationException`) for errors that are safe to
> propagate to clients.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
