Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-4326

Overwriting an existing passwordFile with FilePassword can corrupt the file

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • No Release
    • JBossAS-4.0.3 SP1, JBossAS-4.0.5.GA
    • Security
    • None

    • Windows XP, JDK 5

      When you create a passwordFile with org.jboss.security.plugins.FilePassword which generates a 16 bytes long
      encoded password and afterwards overwrite this file with a shorter password, the second eight bytes of the former
      password are still in the file.
      When now decode tries to decrypt the password from the passwordFile it reads 16 bytes instead of the correct eight bytes and
      throws a BadPaddingException.

      Sure, the workaround to delete the file prior to generation is eligible, but wouldn't it be nicer to have it done automatically.
      And if it's only for all the newbies, which don't have to debug into that.

              starksm64 Scott Stark (Inactive)
              gasttor_jira Thorsten Gast (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: