[CDRIVER-3453] Ensure server proof has been validated during SCRAM conversation
Created: 05/Dec/19  Updated: 28/Oct/23  Resolved: 09/Dec/19

Status: Closed
Project: C Driver
Component/s: auth
Affects Version/s: None
Fix Version/s: 1.16.0

Type: Bug
Priority: Major - P3
Reporter: Sara Golemon
Assignee: Sara Golemon
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-44857 Shorter SCRAM conversation Closed
Backwards Compatibility: Minor Change

Description

SCRAM authentication should not be considered complete until the client has validated the server proof from the server's second message. Currently, a {done:1} sent during the first or second message will bypass this validation.
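
The failure mode described above, as an added example (not the driver's code and not the fix in the linked commit): a minimal client state machine in which `{done: 1}` is honoured before the proof check, next to one that accepts completion only after the proof in the server's second message has been verified. All type and function names are hypothetical, and the 32-byte proofs are constructed values standing in for a real ServerSignature.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef enum { SCRAM_CONTINUE, SCRAM_AUTHENTICATED, SCRAM_FAILED } scram_result_t;

/* Hypothetical client state; not a libmongoc type. */
typedef struct {
   int step;                 /* server replies processed so far */
   bool proof_verified;      /* true only after ServerSignature matched */
   uint8_t expected_sig[32]; /* ServerSignature the client computed itself */
} scram_client_t;
/* Decoded server reply: the {done: 1} flag and the 32-byte v= value (NULL if absent). */
typedef struct { bool done; const uint8_t *sig; } scram_reply_t;

/* Compare every byte (no early exit) and record the outcome in the state. */
static bool verify_proof (scram_client_t *c, const scram_reply_t *r) {
   uint8_t diff = 0;
   for (size_t i = 0; r->sig && i < sizeof c->expected_sig; i++)
      diff |= (uint8_t) (c->expected_sig[i] ^ r->sig[i]);
   return c->proof_verified = (r->sig != NULL && diff == 0);
}

/* Behaviour the ticket describes: done is honoured before the proof check. */
scram_result_t scram_step_unchecked (scram_client_t *c, const scram_reply_t *r) {
   c->step++;
   if (r->done) return SCRAM_AUTHENTICATED;
   if (c->step == 2 && !verify_proof (c, r)) return SCRAM_FAILED;
   return SCRAM_CONTINUE;
}

/* Hardened: reply 2 must carry a valid proof; done counts only after that. */
scram_result_t scram_step_checked (scram_client_t *c, const scram_reply_t *r) {
   c->step++;
   if (c->step == 2 && !verify_proof (c, r)) return SCRAM_FAILED;
   if (r->done) return c->proof_verified ? SCRAM_AUTHENTICATED : SCRAM_FAILED;
   return SCRAM_CONTINUE;
}

/* Constructed conversation: reply 2 carries the proof, done arrives at done_at. */
scram_result_t run_conversation (bool hardened, int done_at, bool good_proof) {
   scram_client_t c = {0, false, {0xAA}};
   uint8_t sig[32] = {good_proof ? 0xAA : 0x55};
   scram_result_t res = SCRAM_CONTINUE;
   for (int i = 1; i <= done_at && res == SCRAM_CONTINUE; i++) {
      scram_reply_t r = {i == done_at, i == 2 ? sig : NULL};
      res = hardened ? scram_step_checked (&c, &r) : scram_step_unchecked (&c, &r);
   }
   return res;
}
```

`run_conversation (false, 2, false)` returns `SCRAM_AUTHENTICATED` even though the proof is wrong, while the same replies fed to the hardened step function return `SCRAM_FAILED`.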



Comments
Comment by Githook User [ 09/Dec/19 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: CDRIVER-3453 Defer SCRAM conversation completion until step 3
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/8e30a6b498aa818a11881b6f53e15a0d06bb38cb
