  1. JGroups
  2. JGRP-1487

AUTH: X509Token Authentication is vulnerable to replay attacks


Details

    • Bug
    • Resolution: Done
    • Major
    • 3.5
    • 3.0.9
    • None

    Description

      In the implementation of X509Token Authentication,
      the auth_value is encrypted with the certificate within the keystore, and
      during verification the encrypted auth value is decrypted with the private key
      and compared against the original auth value.

      This implementation is prone to replay attacks; that is,
      any user without having any knowledge of the auth value can join the group
      by replaying the encrypted auth value captured in earlier sessions.
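
An added example, not part of the original report and not JGroups code: it contrasts the decrypt-and-compare check described above, which accepts a token captured in an earlier session, with a check that also binds the token to a fresh verifier-issued nonce, which rejects it. The class name, the OAEP transformation, the nonce layout and the sample auth value are assumptions made for the demonstration, and the nonce scheme is one possible hardening rather than the fix the project shipped.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class X509ReplayDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // assumed, not from JGroups

    static byte[] rsa(int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(RSA);
        c.init(mode, key);
        return c.doFinal(in);
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    static byte[] nonce() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return n;
    }

    // Scheme from the issue: decrypt the token, compare with the configured auth_value.
    static boolean verifyStatic(PrivateKey k, byte[] token, byte[] auth) throws Exception {
        return MessageDigest.isEqual(rsa(Cipher.DECRYPT_MODE, k, token), auth);
    }

    // Hypothetical hardening: plaintext must start with the nonce the verifier just issued.
    static boolean verifyFresh(PrivateKey k, byte[] token, byte[] auth, byte[] n) throws Exception {
        return MessageDigest.isEqual(rsa(Cipher.DECRYPT_MODE, k, token), concat(n, auth));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] auth = "constructed-auth-value".getBytes(StandardCharsets.UTF_8);
        // Token from an earlier session, presented again later without knowing auth.
        byte[] old = rsa(Cipher.ENCRYPT_MODE, kp.getPublic(), auth);
        System.out.println("static check, replayed token: " + verifyStatic(kp.getPrivate(), old, auth));
        byte[] n1 = nonce(), n2 = nonce();
        byte[] tok = rsa(Cipher.ENCRYPT_MODE, kp.getPublic(), concat(n1, auth));
        System.out.println("nonce check, same session: " + verifyFresh(kp.getPrivate(), tok, auth, n1));
        System.out.println("nonce check, replayed token: " + verifyFresh(kp.getPrivate(), tok, auth, n2));
    }
}
```

The static check cannot tell sessions apart because the only thing it validates is a value that never changes; randomized padding alters the ciphertext bytes per encryption but not what any one captured ciphertext decrypts to.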


            People

              ttarrant@redhat.com Tristan Tarrant
              sreenivas.chinimilli sreenivas chinimilli (Inactive)