[
https://issues.apache.org/jira/browse/QPID-3158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell updated QPID-3158:
---------------------------------
Affects Version/s: 0.10
0.9
M2.1
M3
M4
0.6
0.7
0.8
Fix Version/s: 0.11
> .NET 0-8 clients fail to connect with some valid passwords
> ----------------------------------------------------------
>
> Key: QPID-3158
> URL: https://issues.apache.org/jira/browse/QPID-3158
> Project: Qpid
> Issue Type: Bug
> Components: Dot Net Client, Java Broker
> Affects Versions: M2.1, M3, M4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11
> Environment: Qpid .NET 0-8 client
> Reporter: Keith Wall
> Assignee: Keith Wall
> Fix For: 0.11
>
> Attachments:
> 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM.patch,
> 0001-QPID-3158-Defect-in-the-CRAM-MD5-HEX-mechanism-CRAMM_trunk.patch
>
>
> There is a defect in the CRAM MD5 Hex SASL mechanism within the Qpid broker
> that prevents some passwords from being used to connect from the Qpid 0-8
> .Net client. The defect does not affect authentications using the same
> password from the Java client as it connects using a different SASL mechanism.
> The defect seemingly affects about 30% of all possible passwords. It shows no
> bias towards strong/weak passwords as the defect in the mechanism is after
> the cleartext has been MD5 digested.
> The client sees a 503 exception
> (Apache.Qpid.Client.AMQAuthenticationException: not allowed) from the new
> AMQConnection(QpidConnectionInfo) constructor.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
