Rajini Sivaram created KAFKA-7915:
-------------------------------------
Summary: SASL authentication failures may return sensitive data to
client
Key: KAFKA-7915
URL: https://issues.apache.org/jira/browse/KAFKA-7915
Project: Kafka
Issue Type: Bug
Components: security
Reporter: Rajini Sivaram
Assignee: Rajini Sivaram
Fix For: 2.2.0
There was a regression from the commit
https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787
which added the error message from SaslException thrown by the server during
authentication into the error response returned to clients. Since this
exception may contain sensitive data (e.g. indicating that a user exists but
password match failed), we should not return the error to clients. We have a
separate exception (`AuthenticationException`) for errors that are safe to
propagate to clients.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
