[SERVER-26586] SCRAM client mechanism should preemptively validate server provided nonces - MongoDB

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.0-rc1
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Linked BF Score:
25

Description

The client side SCRAM mechanism sends a nonce to the server as a part of Client Step 1. The server takes this nonce, and appends its own random data, and returns this to the client in Server Step 1. The client should validate that its original nonce is a prefix to this nonce. Not doing so could cause an error message to be emitted in Server Step 2, rather than in Client Step 2 when the problem was first detectable. Fixing this will improve the usefulness of these messages.

Attachments

Activity

People

Assignee:: Spencer Jackson

Reporter:: Spencer Jackson

Participants:: Githook User, Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Oct 11 2016 10:07:14 PM UTC

Updated:: Nov 19 2016 12:06:13 AM UTC

Resolved:: Oct 18 2016 07:52:01 PM UTC