  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1027

tmp/auth/ challenge files are not deleted when access is via a remote client.


    Details

    • Steps to Reproduce:
      1) Get the attached jmx client, it came originally from: http://code.google.com/p/jmxquery/downloads/detail?name=jmxquery-1.3-bin.zip&can=2&q=

      2) Run a JBoss instance (we used domain mode) with its native management interface accessible to the outside

      3) On a remote server, run the following command in a loop:
      java -cp ./jmxquery.jar:/opt//jboss/jboss-eap-6-GA/bin/client/jboss-client.jar jmxquery.JMXQuery -U 'service:jmx:remoting-jmx://jbosshost:9999' -username admin -password admin123 -O java.lang:type=Memory -A HeapMemoryUsage -K used

      Change jboss host name, -username and -password as needed

      4) In the domain tmp/auth directory watch the *.challenge files increase

    • Affects:
      Release Notes
    • Workaround Description:
      Manually, or via a cron job, clean out the tmp/auth directory.


      Description

      The authentication process that creates temporary files in tmp/auth is not deleting them when a JMX client connects.

      At an extreme, this would be a DoS attack, as the disk could fill up.
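
      The workaround above (cleaning tmp/auth manually or from cron), as an added shell example that is not part of the original report or of JBoss: it removes only regular *.challenge files older than an age threshold, so files written for logins still in progress are left alone. The directory argument and the 60-minute default are assumptions, and `-maxdepth`, `-mmin` and `-delete` assume GNU or BSD find.

```shell
#!/bin/sh
# Added example: prune stale *.challenge files from a JBoss tmp/auth directory.
# The directory is passed as an argument; no installation path is assumed.

# count_challenges DIR
# Prints the number of regular *.challenge files directly inside DIR.
# Useful as a monitoring value: steady growth indicates the leak described above.
count_challenges() {
    find "$1" -maxdepth 1 -type f -name '*.challenge' | wc -l | tr -d ' '
}

# prune_challenges DIR MAX_AGE_MIN
# Deletes regular *.challenge files in DIR last modified more than MAX_AGE_MIN
# minutes ago and prints how many were removed. Symlinks, subdirectories and
# files with other names are never touched.
prune_challenges() {
    dir=$1
    max_age=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    case $max_age in
        ''|*[!0-9]*) echo "age must be whole minutes: $max_age" >&2; return 1 ;;
    esac
    removed=$(find "$dir" -maxdepth 1 -type f -name '*.challenge' \
                  -mmin "+$max_age" -print -delete | wc -l | tr -d ' ')
    echo "$removed"
}

# Run only when a directory is given, e.g. from cron:
#   prune-challenges.sh /path/to/domain/tmp/auth 60
if [ $# -ge 1 ]; then
    prune_challenges "$1" "${2:-60}"   # 60 minutes is an assumed default
fi
```

      Run it as the same OS user that owns the JBoss process so it can delete the files without widening permissions on tmp/auth.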


              People

              Assignee:
              shelly.mcgowan Shelly McGowan
              Reporter:
              tfonteyn Tom Fonteyne (Inactive)
              Archiver:
              samahaja Sagar Mahajan
