Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-2763

SCRAM-SHA-1 authenticator preps user name incorrectly

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 3.6.2
    • Affects Version/s: 3.0.0
    • Component/s: Security
    • Labels:
      None

      The SCRAM SASL RFC states that

      The characters ',' or '=' in usernames are sent as '=2C' and '=3D' respectively. If the server receives a username that contains '=' not followed by either '2C' or '3D', then the server MUST fail the authentication.

      The driver incorrectly uses =2D instead of =2C

            Assignee:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: