Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 9.0.0-rc0
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Server Security 2026-02-13, Server Security 2026-02-27, Server Security 2026-03-13, Server Security 2026-03-27, Server Security 2026-04-10, Server Security 2026-04-24, Server Security 2026-05-08, Server Security 2026-05-22, Server Security 2026-06-05, Server Security 2026-06-19
Linked BF Score:
200
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Even when SCRAM-SHA-256 is disabled on the server, we still seem to allow nodes to select the auth mech in SaslSupportedMechanisms.

If the client does not specify a mechanism, we should only use an enabled mechanism. If the client specifies a disabled mechanism, we should return an error during SaslSupportedMechanisms.

Assignee:: Chye Lin Chee
Reporter:: Shreyas Kalyan (Inactive)
Participants:: Chye Lin Chee, Githook User, Shreyas Kalyan
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Feb 05 2026 05:18:13 PM UTC
Updated:: Jun 08 2026 11:16:45 PM UTC
Resolved:: Jun 08 2026 11:16:46 PM UTC

Details

Description

Attachments

Activity

People

Dates