Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-4326

Overwriting an existing passwordFile with FilePassword can corrupt the file

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • No Release
    • JBossAS-4.0.3 SP1, JBossAS-4.0.5.GA
    • Security
    • None

    Description

      When you create a passwordFile with org.jboss.security.plugins.FilePassword which generates a 16 bytes long
      encoded password and afterwards overwrite this file with a shorter password, the second eight bytes of the former
      password are still in the file.
      When now decode tries to decrypt the password from the passwordFile it reads 16 bytes instead of the correct eight bytes and
      throws a BadPaddingException.

      Sure, the workaround to delete the file prior to generation is eligible, but wouldn't it be nicer to have it done automatically.
      And if it's only for all the newbies, which don't have to debug into that.

      Attachments

        Activity

          People

            starksm64 Scott Stark (Inactive)
            gasttor_jira Thorsten Gast (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: