  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1027

tmp/auth/ challenge files are not deleted when access is via a remote client.

    Details

    • Steps to Reproduce:
      1) Get the attached JMX client; it came originally from: http://code.google.com/p/jmxquery/downloads/detail?name=jmxquery-1.3-bin.zip&can=2&q=

      2) Run a JBoss instance (we used domain mode) with its native management interface accessible to the outside.

      3) On a remote server, run the following command in a loop:
      java -cp ./jmxquery.jar:/opt//jboss/jboss-eap-6-GA/bin/client/jboss-client.jar jmxquery.JMXQuery -U 'service:jmx:remoting-jmx://jbosshost:9999' -username admin -password admin123 -O java.lang:type=Memory -A HeapMemoryUsage -K used

      Change jboss host name, -username and -password as needed

      4) In the domain tmp/auth directory watch the *.challenge files increase

    • Affects:
      Release Notes
    • Workaround Description:
      Manually, or via a cron job, clean out the tmp/auth directory.


      Description

      The authentication process that creates temporary files in tmp/auth is not deleting them when a JMX client connects.

      At an extreme, this would be a DoS attack, as the disk could fill up.
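
The workaround above as a script suitable for cron, with a file count that makes the disk-filling condition visible. This is an added example, not part of the original report or of JBoss; the directory argument, the 10-minute age cut-off and the 1000-file warning limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): prune stale *.challenge files and
# warn when they pile up. Uses find's -maxdepth/-mmin/-delete (GNU and BSD find).

# Print the number of *.challenge files directly inside directory $1.
count_challenges() {
    find "$1" -maxdepth 1 -type f -name '*.challenge' | wc -l | tr -d ' '
}

# Delete *.challenge files in $1 older than $2 minutes; print how many went.
# The age cut-off is an assumption: it leaves files that an in-progress
# authentication may still be using.
prune_challenges() {
    dir=$1
    age=$2
    # Only ever operate on a real (non-symlink) directory named .../tmp/auth.
    case "$dir" in
        */tmp/auth) ;;
        *) echo "refusing: '$dir' does not end in tmp/auth" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: '$dir' is not a plain directory" >&2
        return 2
    fi
    find "$dir" -maxdepth 1 -type f -name '*.challenge' -mmin "+$age" \
        -print -delete | wc -l | tr -d ' '
}

# Cron entry point: prune-challenges.sh AUTH_DIR [MAX_AGE_MIN] [WARN_LIMIT]
if [ "$#" -ge 1 ]; then
    before=$(count_challenges "$1")
    removed=$(prune_challenges "$1" "${2:-10}") || exit $?
    echo "tmp/auth: $before challenge files, $removed removed"
    # A count above the limit suggests the leak is active again.
    if [ "$before" -gt "${3:-1000}" ]; then
        echo "warning: challenge file count above ${3:-1000}" >&2
        exit 1
    fi
fi
```

Run it as the user that owns the JBoss instance, so the script needs no more privilege than the server itself has on tmp/auth.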

                People

                • Assignee:
                  shelly.mcgowan Shelly McGowan
                  Reporter:
                  tfonteyn Tom Fonteyne
                • Votes:
                  0
                  Watchers:
                  11