Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-665

Incorrect warning about invalid option passwordIsA1Hash in login modules

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • PIcketBox_4_0_15.Final
    • PicketBox_v4_0_9.Final
    • None
    • None

    Description

      As I described in in my last post in https://community.jboss.org/message/744521#744521, I had a problem with DIGEST authentication and passwordIsA1Hash option configured in JBossAS 7.

      IMO one of the following classes should enlist passwordIsA1Hash option among their valid options: AbstractServerLoginModule, UsernamePasswordLoginModule, UsersRolesLoginModule. Now it's missing and login modules scream that the option is invalid (in my case UsersRolesLoginModule).

      Attachments

        Activity

          People

            sguilhen Stefan Guilhen
            mgencur Martin Gencur
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: