Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Minor - P4
Fix Version/s: 3.6.2
Affects Version/s: 3.0.0
Component/s: Security
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The SCRAM SASL RFC states that

The characters ',' or '=' in usernames are sent as '=2C' and '=3D' respectively. If the server receives a username that contains '=' not followed by either '2C' or '3D', then the server MUST fail the authentication.

The driver incorrectly uses =2D instead of =2C

Assignee:: Jeffrey Yemin
Reporter:: Jeffrey Yemin
Reviewers:: None
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Jan 31 2018 11:36:50 PM UTC
Updated:: Oct 28 2023 11:22:58 AM UTC
Resolved:: Feb 02 2018 02:36:31 PM UTC
Confidence Status Last Update:: 01/Feb/18 4:11 PM