[ https://issues.apache.org/jira/browse/KAFKA-7915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajini Sivaram resolved KAFKA-7915. ----------------------------------- Resolution: Fixed > SASL authentication failures may return sensitive data to client > ---------------------------------------------------------------- > > Key: KAFKA-7915 > URL: https://issues.apache.org/jira/browse/KAFKA-7915 > Project: Kafka > Issue Type: Bug > Components: security > Reporter: Rajini Sivaram > Assignee: Rajini Sivaram > Priority: Critical > Fix For: 2.2.0 > > > There was a regression from the commit > https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787 > which added the error message from SaslException thrown by the server during > authentication into the error response returned to clients. Since this > exception may contain sensitive data (e.g. indicating that a user exists but > password match failed), we should not return the error to clients. We have a > separate exception (`AuthenticationException`) for errors that are safe to > propagate to clients. > The regression was not in any released version, the related commit will only > be in 2.2.0, so we just need to fix this before 2.2.0. -- This message was sent by Atlassian JIRA (v7.6.3#76005)