Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-11036

IIOP - Client principal is retained in subsequent invocations even if the client is not associated with the principal anymore

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • EAP_EWP 5.3.0.ER2
    • EAP_EWP 5.2.0, EAP_EWP 5.3.0.ER1
    • IIOP
    • None
    • Not Required
    • NEW

    Description

      Client principal is retained on server in SecurityAssociation in subsequent invocations even if the calling client is not associated with the principal anymore. This allows an client to execute code which he should not be allowed to execute.

      Attachments

        Activity

          People

            dpospisil Dominik Pospisil (Inactive)
            dpospisil Dominik Pospisil (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: