[JAVA-2763] SCRAM-SHA-1 authenticator preps user name incorrectly
Created: 31/Jan/18  Updated: 28/Oct/23  Resolved: 02/Feb/18

Status: Closed
Project: Java Driver
Component/s: Security
Affects Version/s: 3.0.0
Fix Version/s: 3.6.2

Type: Bug
Priority: Minor - P4
Reporter: Jeffrey Yemin
Assignee: Jeffrey Yemin
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

The SCRAM SASL RFC states that:

The characters ',' or '=' in usernames are sent as '=2C' and '=3D' respectively. If the server receives a username that contains '=' not followed by either '2C' or '3D', then the server MUST fail the authentication.

The driver incorrectly uses =2D instead of =2C.
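
The escaping rule quoted above, as an added example (not the driver's code and not taken from the commits linked in the comments). It shows the client-side encoding, the `=2D` defect described in this issue, and a server-side decoder that fails on any `=` not followed by `2C` or `3D`. The class name, method names and sample user name are hypothetical.

```java
import java.util.Optional;

public class ScramSaslName {
    // Client side, RFC 5802: '=' becomes "=3D" and ',' becomes "=2C".
    // '=' is escaped first; otherwise the '=' introduced for a comma
    // would itself be escaped again.
    static String encode(String user) {
        return user.replace("=", "=3D").replace(",", "=2C");
    }

    // The defect described in this issue: comma mapped to "=2D".
    static String encodeBuggy(String user) {
        return user.replace("=", "=3D").replace(",", "=2D");
    }

    // Server side: reverse the escaping. An empty result means the server
    // must fail authentication ('=' not followed by "2C" or "3D").
    static Optional<String> decode(String saslName) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < saslName.length(); i++) {
            char c = saslName.charAt(i);
            if (c == ',') {
                // A raw comma is a SCRAM field separator, never part of a name.
                return Optional.empty();
            }
            if (c != '=') {
                out.append(c);
                continue;
            }
            if (saslName.startsWith("2C", i + 1)) {
                out.append(',');
            } else if (saslName.startsWith("3D", i + 1)) {
                out.append('=');
            } else {
                return Optional.empty();
            }
            i += 2; // skip the two hex digits just consumed
        }
        return Optional.of(out.toString());
    }

    public static void main(String[] args) {
        String user = "ops,team=db"; // constructed sample user name
        System.out.println(encode(user) + " -> " + decode(encode(user)));
        System.out.println(encodeBuggy(user) + " -> " + decode(encodeBuggy(user)));
    }
}
```

A server that follows the quoted MUST rejects the `=2D` form before any proof is checked, so the defect only shows up for user names containing a comma.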



 Comments   
Comment by Githook User [ 02/Feb/18 ]

Author: Jeff Yemin (jyemin) <jeff.yemin@10gen.com>

Message: JAVA-2763: For SCRAM-SHA-1, test user name prepping required by RFC 5802 by adding a comma and equal sign to the user name
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/5be570d1d8a2a91cb47479c61eaaa648ae7d03ae

Comment by Githook User [ 02/Feb/18 ]

Author: Brendan Chung (brendanJsonar) <brendan@jsonar.com>

Message: JAVA-2763: Replace ',' (comma) with =2C instead of =2D in username for SCRAM-SHA-1 authentication
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/1a6a2f3b42ef3e00a0e1cbaece9b8f4fecaf3899

Comment by Githook User [ 02/Feb/18 ]

Author: Jeff Yemin (jyemin) <jeff.yemin@10gen.com>

Message: JAVA-2763: For SCRAM-SHA-1, test user name prepping required by RFC 5802 by adding a comma and equal sign to the user name
Branch: 3.6.x
https://github.com/mongodb/mongo-java-driver/commit/b031f9c78e720a642864e42b9b075914e42a9f0c

Comment by Githook User [ 02/Feb/18 ]

Author: Brendan Chung (brendanJsonar) <brendan@jsonar.com>

Message: JAVA-2763: Replace ',' (comma) with =2C instead of =2D in username for SCRAM-SHA-1 authentication
Branch: 3.6.x
https://github.com/mongodb/mongo-java-driver/commit/ea7da88787f39939a412fa0a1122984bc32c37dc

Comment by Jeffrey Yemin [ 01/Feb/18 ]

Thanks to Brendan who pointed it out in this pull request: https://github.com/mongodb/mongo-java-driver/pull/447.

Generated at Thu Feb 08 08:58:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.