Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Operating System:
ALL
Sprint:
Server Security 2026-02-13, Server Security 2026-02-27, Server Security 2026-03-13
Linked BF Score:
200
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Even when SCRAM-SHA-256 is disabled on the server, we still seem to allow nodes to select the auth mech in SaslSupportedMechanisms.

If the client does not specify a mechanism, we should only use an enabled mechanism. If the client specifies a disabled mechanism, we should return an error during SaslSupportedMechanisms.

Assignee:: Ken Martin
Reporter:: Shreyas Kalyan
Participants:: Ken Martin, Shreyas Kalyan
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Feb 05 2026 05:18:13 PM UTC
Updated:: Mar 02 2026 06:02:33 PM UTC

Details

Description

Attachments

Activity

People

Dates