Rajini Sivaram created KAFKA-7915:
-------------------------------------

             Summary: SASL authentication failures may return sensitive data to client
                 Key: KAFKA-7915
                 URL: https://issues.apache.org/jira/browse/KAFKA-7915
             Project: Kafka
          Issue Type: Bug
          Components: security
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 2.2.0
There was a regression from the commit https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787 which added the error message from SaslException thrown by the server during authentication into the error response returned to clients. Since this exception may contain sensitive data (e.g. indicating that a user exists but password match failed), we should not return the error to clients. We have a separate exception (`AuthenticationException`) for errors that are safe to propagate to clients.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
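The pattern the issue describes, as an added illustration that is not Kafka's own code: the regressed path copies whatever message the SASL mechanism's `SaslException` carries into the client response, while the fixed path only propagates messages from the exception type reserved for client-safe errors and logs everything else on the server. The `AuthenticationException` class below is a local stand-in for Kafka's `org.apache.kafka.common.errors.AuthenticationException`, and the sample error strings are constructed for the demonstration.

```java
import javax.security.sasl.SaslException;

// Stand-in for Kafka's AuthenticationException (hypothetical, kept local so this
// compiles with a plain JDK): the type reserved for errors whose message is
// safe to send to the client.
class AuthenticationException extends RuntimeException {
    AuthenticationException(String message) { super(message); }
}

public class SaslErrorResponse {
    // Generic text returned when the real cause must stay on the server.
    static final String GENERIC_MESSAGE = "Authentication failed";

    // Regressed behaviour: the exception message is copied into the response
    // unconditionally, so mechanism-level detail reaches the client.
    static String clientErrorMessageUnsafe(Exception authError) {
        return authError.getMessage();
    }

    // Fixed behaviour: only AuthenticationException messages are propagated;
    // a SaslException (or any other error) is logged server-side and replaced
    // by the generic message.
    static String clientErrorMessageSafe(Exception authError) {
        if (authError instanceof AuthenticationException) {
            return authError.getMessage();
        }
        System.err.println("SASL authentication failed (not sent to client): " + authError);
        return GENERIC_MESSAGE;
    }

    public static void main(String[] args) {
        // Constructed sample errors, not output from any real SASL mechanism.
        Exception mechanismError = new SaslException("Password mismatch for existing user alice");
        Exception safeError = new AuthenticationException("Unsupported SASL mechanism: GSSAPI");

        // The unsafe path reveals that the user exists; the safe path does not.
        System.out.println("unsafe: " + clientErrorMessageUnsafe(mechanismError));
        System.out.println("safe:   " + clientErrorMessageSafe(mechanismError));
        // A client-safe error keeps its message on both paths.
        System.out.println("safe:   " + clientErrorMessageSafe(safeError));
    }
}
```

The check to keep in mind when reviewing such code is the type of the exception being serialised, not its content: any message not explicitly classified as client-safe should be treated as server-only.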