Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.2.0.CD12
Affects Version/s: 7.1.0.ER1
Component/s: Security
Labels:
- eap72

Target Release:

7.2.0.CD12
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/905

SFDC Cases Counter:
SFDC Cases Links:

Description

X509EvidenceVerifier.SubjectDnCertificateVerifier verifies Subject DN based on String.equals method [1]. It means that valid Subject DN can be incorrectly denied because it includes (or does not include) space before comma etc.

Example:
When passed certificate includes DN CN=user,OU=EAP QE,... and LDAP entry includes entry with attribute value CN=user, OU=EAP QE, ... then it is not successfully verified.

[1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc759418105535cd4735c46d90/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java#L127

Attachments

Issue Links

is cloned by

ELY-1274 X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals

Resolved

is incorporated by

JBEAP-12932 Upgrade WildFly Core to 4.0.1.Final

Closed

Activity

People

Assignee:: Yeray Borges Santana

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017/06/30 9:12 AM

Updated:: 2018/09/06 12:39 PM

Resolved:: 2017/11/07 10:36 AM