- Bug
- Resolution: Done
- Minor
- JBossSecurity_2.0.5.Final
- None
- Low
auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
See: jbosssx/src/main/java/org/jboss/security/authorization/resources/WebResource.java
Headers filter (lines 180-181):
    if(headerName.contains("authorization") == false)
        sb.append(httpRequest.getHeader(headerName)).append(",");
No filtering for params (line 197):
    sb.append(paramValues[i]).append("::");
- is cloned by: JBPAPP-8089 auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter (Closed)
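Added example (not from the issue or the JBoss Security code base, and not the fix that was applied): one way to run headers and request parameters through the same redaction rule when building the audit string. The class name, the `isSensitive` and `describe` helpers, the deny list and the sample request values are assumptions; plain maps stand in for the servlet request so the class runs without a container.

```java
import java.util.*;

// Added illustration, not JBoss Security code. Plain maps stand in for
// HttpServletRequest so the class runs without a servlet container.
public class AuditRedactionExample {
    // Assumed deny list built from the two names in the report;
    // "password" also matches the "j_password" form field.
    private static final List<String> SENSITIVE = List.of("authorization", "password");

    // Case-insensitive substring match, used for header AND parameter names.
    static boolean isSensitive(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        return SENSITIVE.stream().anyMatch(n::contains);
    }

    // Builds the audit string; sensitive values are masked, names are kept
    // so the log still shows that the field was present.
    static String describe(Map<String, String> headers, Map<String, String[]> params) {
        StringBuilder sb = new StringBuilder("[headers=");
        for (Map.Entry<String, String> h : headers.entrySet()) {
            sb.append(h.getKey()).append('=')
              .append(isSensitive(h.getKey()) ? "***" : h.getValue()).append(',');
        }
        sb.append("][parameters=");
        for (Map.Entry<String, String[]> p : params.entrySet()) {
            sb.append(p.getKey()).append('=');
            for (String v : p.getValue()) {
                sb.append(isSensitive(p.getKey()) ? "***" : v).append("::");
            }
            sb.append(',');
        }
        return sb.append(']').toString();
    }

    public static void main(String[] args) {
        // Constructed sample request data.
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Host", "app.example.test");
        headers.put("Authorization", "Basic Y29uc3RydWN0ZWQ6c2FtcGxl");
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("j_username", new String[] {"alice"});
        params.put("j_password", new String[] {"constructed-secret"});

        String audit = describe(headers, params);
        System.out.println(audit);
        if (audit.contains("constructed-secret") || audit.contains("Y29uc3Ry")) {
            throw new AssertionError("secret leaked into audit string");
        }
    }
}
```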