[
https://issues.apache.org/jira/browse/AMQ-7491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17125290#comment-17125290
]
Timothy A. Bish commented on AMQ-7491:
--------------------------------------
The client connection is checked by the inactivity monitor to ensure that it
will not remain open forever in the case of a drop at the client end. I've
tested this and can find no issues with that validation, if you've configured
that off in your broker then yes you could have issues with clients dropping
and not being noticed but that'd be due to configuration.
The test script is far to complicated and was not functional for me so I've
tested using modifications of the existing client tests which also check
various aspects of this so you need to create a more simpler test script that
can provoke the issue you think you are seeing for an outside observer to
validate.
> ActiveMQ illegal occupation vulnerability
> -----------------------------------------
>
> Key: AMQ-7491
> URL: https://issues.apache.org/jira/browse/AMQ-7491
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP, Broker
> Affects Versions: 5.15.12
> Environment: We build a script used JavaScript to interact with the
> broker in ActiveMQ 5.15.12.
> The experiment is performed on Windows10 1903 version.
> Reporter: wang Jessie
> Priority: Major
> Labels: security
> Attachments: 1590234052205.png
>
>
> *Description:* Two client with the same Container-Id are not allowed to
> connect to the broker. When we send *two OPEN packet with same the
> Container-Id*, the broker will return error and the client will close the TCP
> connection. The client with this Container-Id will *never be able to connect
> with the broker* unless the broker resets. This vulnerability can be
> exploited by the adversary to perform the aforementioned attacks on many
> Container-Id to make a huge set of clients unable to connect with the broker.
> As the ActiveMQ are widely adopted by the IoT vendors, this can be a
> vulnerability affected a wide range.
> Following are the details.
> We send *two OPEN packets with the same Container-Id 1* and we can learn from
> the log A in the attached picture in the broker side that the broker returned
> close packets and *the client closed this TCP connection with the broker.*
> Then we build a new client to connect with the broker using the same
> Container-Id 1, we can learn from the log B in the attached pictur that the
> broker returned errors as the broker believe the client with Container-Id 1
> already connected.
> *Suggestion for repair:* May be the state of the broker after received two
> OPEN packets could be checked and the connection state of the client could be
> updated when the TCP connection is closed.
>
> :)I hope what I found can do some help and if you want further discussion,
> please email me by [[email protected]|mailto:[email protected]].
> Thanks for spending your time on my issue.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
