[ https://issues.apache.org/jira/browse/KAFKA-7915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajini Sivaram resolved KAFKA-7915.
-----------------------------------
Resolution: Fixed
> SASL authentication failures may return sensitive data to client
> ----------------------------------------------------------------
>
> Key: KAFKA-7915
> URL: https://issues.apache.org/jira/browse/KAFKA-7915
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Critical
> Fix For: 2.2.0
>
>
> There was a regression from the commit
> https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787
> which added the error message from SaslException thrown by the server during
> authentication into the error response returned to clients. Since this
> exception may contain sensitive data (e.g. indicating that a user exists but
> password match failed), we should not return the error to clients. We have a
> separate exception (`AuthenticationException`) for errors that are safe to
> propagate to clients.
> The regression was not in any released version; the related commit will only
> be in 2.2.0, so we just need to fix this before 2.2.0.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
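The pattern the issue describes, shown as an added illustration that is not Kafka's code: the regressed path copies the server-side SaslException text into the client error response, while the fixed path forwards only the message of the separate client-safe exception type and replaces everything else with a generic string. The class names, the generic message text and the sample exception messages are all constructed for this example; the nested AuthenticationException is a stand-in for the page's exception of that name, not the Kafka class.

```java
import javax.security.sasl.SaslException;

/**
 * Hypothetical illustration (not Kafka's code) of the error-response path the
 * issue describes: which exception text is allowed to reach the client.
 */
public class SaslErrorResponseExample {

    /** Stand-in for the page's AuthenticationException: its messages are client-safe by design. */
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String clientSafeMessage) {
            super(clientSafeMessage);
        }
    }

    /** Constructed generic message returned when the real cause is not safe to disclose. */
    static final String GENERIC_FAILURE = "Authentication failed";

    /** Regressed behaviour: whatever the server-side exception says is copied into the response. */
    static String leakyErrorMessage(Exception cause) {
        return cause.getMessage();
    }

    /** Fixed behaviour: only AuthenticationException text is forwarded; anything else is replaced. */
    static String safeErrorMessage(Exception cause) {
        if (cause instanceof AuthenticationException) {
            return cause.getMessage();
        }
        // The detail stays in the server log for operators; the client only sees the generic text.
        System.err.println("SASL authentication failure (server-side detail): " + cause.getMessage());
        return GENERIC_FAILURE;
    }

    public static void main(String[] args) {
        // Constructed sample: a mechanism-level failure whose text confirms that the account exists.
        SaslException mechanismDetail = new SaslException("Password mismatch for user alice");
        // Constructed sample: an error already phrased for clients.
        AuthenticationException clientSafe =
            new AuthenticationException("Authentication failed: invalid credentials");

        // The regressed path discloses the account-existence detail to the client.
        System.out.println("leaky: " + leakyErrorMessage(mechanismDetail));
        // The fixed path hides it behind the generic message.
        System.out.println("fixed: " + safeErrorMessage(mechanismDetail));
        // Client-safe messages still pass through unchanged.
        System.out.println("fixed: " + safeErrorMessage(clientSafe));
    }
}
```

The design point is the type check rather than message filtering: any exception not deliberately constructed for clients is treated as internal, so new server-side failure modes cannot leak by default.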