Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8848

AUTH feature - plain token does case-insensitive comparison of shared secrets

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • No Release
    • Clustering
    • None

    Description

      The same approach is used for a digest token (MD5 or SHA algorithm), where it is not a problem due to converting the shared secret to HEX prior doing case-insensitive compare. It is however a problem for a plain token.

      Attachments

        Activity

          People

            pferraro@redhat.com Paul Ferraro
            pferraro@redhat.com Paul Ferraro
            Richard Janik Richard Janik
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: