[jira] [Resolved] (WICKET-5855) RememberMe functionality seems to be broken after the change of the default crypt factory

Martin Grigorov (JIRA) Mon, 30 Mar 2015 12:11:29 -0700

     [ 
https://issues.apache.org/jira/browse/WICKET-5855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Grigorov resolved WICKET-5855.
-------------------------------------
       Resolution: Fixed
    Fix Version/s: 7.0.0-M6
                   6.20.0

> RememberMe functionality seems to be broken after the change of the default 
> crypt factory
> -----------------------------------------------------------------------------------------
>
>                 Key: WICKET-5855
>                 URL: https://issues.apache.org/jira/browse/WICKET-5855
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-auth-roles
>    Affects Versions: 7.0.0-M5, 6.19.0
>            Reporter: Martin Grigorov
>            Assignee: Martin Grigorov
>             Fix For: 6.20.0, 7.0.0-M6
>
>
> The fix for CVE-2014-7808 seems to break the "rememberMe" functionality in 
> wicket-auth-roles.
> DefaultAuthenticationStrategy uses the crypt factory to encrypt the user 
> credentials. After restart of the application a new crypt factory is created 
> with a new secret key. Now it is not possible to decrypt the saved 
> credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (WICKET-5855) RememberMe functionality seems to be broken after the change of the default crypt factory

Reply via email to