Bug 1188744
Field | Value
---|---
Summary | [GSS] (6.4.z) DigestAuthenticator generates duplicate nonces
Product | [JBoss] JBoss Enterprise Application Platform 6
Component | Web
Version | 6.4.0
Status | CLOSED CURRENTRELEASE
Severity | high
Priority | unspecified
Reporter | Aaron Ogburn <aogburn>
Assignee | Aaron Ogburn <aogburn>
QA Contact | Michael Cada <mcada>
CC | cdewolf, jawilson, myarboro, rmaucher
Target Milestone | ER3
Target Release | EAP 6.4.0
Hardware | All
OS | All
Doc Type | Bug Fix
Type | Bug
Last Closed | 2019-08-02 07:31:07 UTC
Bug Depends On | 1192530
Bug Blocks | 1188833

Description
Aaron Ogburn
2015-02-03 15:42:37 UTC
Fixed in JBossWeb 7.5.x by r2588

Created attachment 988260: digestnoncetest.war

Here's a simple way to quickly test the Digest nonce generation within a single request. It'll reflect into the DigestAuthenticator and repeatedly generate a nonce from it 1000 times and check for a duplicate. Without the fix, it easily gets a duplicate since it is able to create many nonces within the same millisecond. Just deploy digestnoncetest.war and request http://localhost:8080/digestnoncetest/. You'll see "PASSED" if it generated a new nonce each time and a failure message if not.

Since this is already committed in the 7.5 branch, it will be included in the 7.5.6 build which will be in 6.4.0.

Verified with EAP 6.4.0.ER3
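
The duplicate-within-one-millisecond behaviour described in this report, as an added example that is not JBoss Web's code and not the contents of digestnoncetest.war. It assumes a nonce derived only from the millisecond clock and a server key; the class, the key, the nonce layout and the frozen clock are constructed for illustration, and the hardened variant shows one way to avoid reuse, not necessarily what r2588 changed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import java.util.function.LongSupplier;

public class NonceDuplicateDemo {
    // Constructed server secret; a real authenticator would use a random per-instance key.
    static final String KEY = "constructed-demo-key";
    private final Object lock = new Object();
    private long lastTimestamp = 0;

    // Assumed nonce layout: "<millis>:<md5(millis:key)>". Nothing else varies between calls.
    static String nonceFor(long millis) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest((millis + ":" + KEY).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return millis + ":" + hex;
    }

    // Weak: two calls in the same millisecond return the same nonce.
    String weakNonce(LongSupplier clock) throws Exception {
        return nonceFor(clock.getAsLong());
    }

    // Hardened: never reuse a timestamp value; bump it when the clock has not advanced.
    String uniqueNonce(LongSupplier clock) throws Exception {
        long t = clock.getAsLong();
        synchronized (lock) {
            if (t > lastTimestamp) lastTimestamp = t; else t = ++lastTimestamp;
        }
        return nonceFor(t);
    }

    public static void main(String[] args) throws Exception {
        NonceDuplicateDemo gen = new NonceDuplicateDemo();
        LongSupplier frozen = () -> 1422978157000L; // constructed clock stuck on one millisecond
        Set<String> weak = new HashSet<>(), fixed = new HashSet<>();
        for (int i = 0; i < 1000; i++) {
            weak.add(gen.weakNonce(frozen));
            fixed.add(gen.uniqueNonce(frozen));
        }
        System.out.println("weak:  " + weak.size() + " distinct of 1000");
        System.out.println("fixed: " + fixed.size() + " distinct of 1000"
                + (fixed.size() == 1000 ? " PASSED" : " FAILED"));
    }
}
```

The clock is injected so the same-millisecond case is reproducible on any machine; with `System::currentTimeMillis` in its place the weak variant still collides whenever the loop outruns the clock.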