[SERVER-26586] SCRAM client mechanism should preemptively validate server provided nonces
Created: 11/Oct/16  Updated: 19/Nov/16  Resolved: 18/Oct/16

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 3.4.0-rc1

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:
Linked BF Score: 25

 Description   

The client-side SCRAM mechanism sends a nonce to the server as a part of Client Step 1. The server takes this nonce, appends its own random data, and returns this to the client in Server Step 1. The client should validate that its original nonce is a prefix of this nonce. Not doing so could cause an error message to be emitted in Server Step 2, rather than in Client Step 2 when the problem was first detectable. Fixing this will improve the usefulness of these messages.
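
An added example (not the code from the MongoDB commit) of the prefix check described above, run by the client in Client Step 2 before it computes any proof. The names `scramAttr`, `checkServerNonce` and `NonceCheck` are hypothetical, the message layout is the `r=`/`s=`/`i=` attribute form of RFC 5802, and rejecting a reply in which the server appended nothing is an assumption of this sketch.

```cpp
#include <optional>
#include <string_view>

// Outcome of checking a SCRAM server-first-message during Client Step 2.
enum class NonceCheck { Ok, Malformed, MissingNonce, NotPrefixed, NothingAppended };

// Return the value of attribute `key` (e.g. 'r') from a comma-separated
// SCRAM message such as "r=<nonce>,s=<salt>,i=<iterations>".
std::optional<std::string_view> scramAttr(std::string_view msg, char key) {
    while (!msg.empty()) {
        const auto comma = msg.find(',');
        const std::string_view field = msg.substr(0, comma);
        if (field.size() >= 2 && field[0] == key && field[1] == '=')
            return field.substr(2);
        if (comma == std::string_view::npos) break;
        msg.remove_prefix(comma + 1);
    }
    return std::nullopt;
}

// Hypothetical helper: verify that the combined nonce in the server's reply
// starts with the nonce this client sent, and that the server added its own data.
// Failing here reports the problem in Client Step 2 instead of Server Step 2.
NonceCheck checkServerNonce(std::string_view clientNonce, std::string_view serverFirst) {
    if (clientNonce.empty() || serverFirst.empty()) return NonceCheck::Malformed;
    const auto combined = scramAttr(serverFirst, 'r');
    if (!combined) return NonceCheck::MissingNonce;
    // substr clamps to the available length, so a too-short reply fails the compare.
    if (combined->substr(0, clientNonce.size()) != clientNonce) return NonceCheck::NotPrefixed;
    if (combined->size() == clientNonce.size()) return NonceCheck::NothingAppended;
    return NonceCheck::Ok;
}

int main() {
    // Constructed sample values, not taken from a real session.
    const auto result = checkServerNonce(
        "clientNONCE123", "r=clientNONCE123srvRANDOM456,s=c2FsdA==,i=10000");
    return result == NonceCheck::Ok ? 0 : 1;
}
```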



 Comments   
Comment by Githook User [ 18/Oct/16 ]

Author: Spencer Jackson (spencerjackson) <spencer.jackson@mongodb.com>

Message: SERVER-26586: SCRAM client should preemptively validate server nonce
Branch: master
https://github.com/mongodb/mongo/commit/7953be12e612457ad59103a1f9488714bf659483
