[SERVER-8143] saslContinue command returns confusing error message when the user can't be found
Created: 10/Jan/13  Updated: 11/Jul/16  Resolved: 15/Jan/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.4.0-rc0

Type: Improvement
Priority: Major - P3
Reporter: Jeffrey Yemin
Assignee: Andy Schwerin
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

 Description   

This affects the upcoming 2.3.2 release.

If you start a sasl conversation and specify a database that does not define the given user, you get back this document:

{ code : 17, errmsg : "Authentication failed because the password was not provided.", ok : 1.0 }

Expected results:

{ code : 18, errmsg : "Authentication failed.", ok : 1.0 }



 Comments   
Comment by Andy Schwerin [ 11/Jan/13 ]

Authentication failure messages should not reveal that the user does or does not exist. Updated "expected behavior".
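
The principle in the comment above, as an added Python example that is not part of the ticket or of MongoDB's code: a handler that answers differently for an unknown user, next to one that returns the same document for every failure, and a regression check that compares the replies. The function names, the credential store, the success document and the single-step password check standing in for the SASL conversation are all assumptions; only the two failure documents come from the ticket.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("auth")

# The two response documents quoted in the ticket.
MISSING_PASSWORD = {"code": 17, "errmsg": "Authentication failed because the password was not provided.", "ok": 1.0}
AUTH_FAILED = {"code": 18, "errmsg": "Authentication failed.", "ok": 1.0}
SUCCESS = {"ok": 1.0}  # assumed shape, not from the ticket


def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)


# Constructed credential store: {database: {user: derived key}}.
USERS = {"admin": {"alice": _kdf("correct horse")}}
_DUMMY = _kdf("placeholder for unknown users")  # compared against when no user exists


def authenticate_leaky(db, user, password):
    """Imitates the reported behaviour: an unknown user gets a different error."""
    stored = USERS.get(db, {}).get(user)
    if stored is None:
        return dict(MISSING_PASSWORD)
    ok = hmac.compare_digest(_kdf(password), stored)
    return dict(SUCCESS) if ok else dict(AUTH_FAILED)


def authenticate(db, user, password):
    """Same work and same reply for every failure; the reason goes to the server log only."""
    stored = USERS.get(db, {}).get(user)
    matches = hmac.compare_digest(_kdf(password), stored or _DUMMY)
    if stored is not None and matches:
        return dict(SUCCESS)
    log.warning("auth failed db=%r user=%r reason=%s", db, user,
                "unknown user" if stored is None else "bad password")
    return dict(AUTH_FAILED)


def distinct_failures(auth_fn):
    """Regression check: collect the distinct replies to a set of failing logins."""
    probes = [("admin", "alice", "wrong"), ("admin", "alice", ""),
              ("admin", "nobody", "wrong"), ("test", "alice", "correct horse")]
    return {frozenset(auth_fn(*p).items()) for p in probes}
```

`distinct_failures` yields one reply for `authenticate` and two for `authenticate_leaky`; the second reply is what lets a client tell which users a database defines.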
