activemq-dev mailing list archives

From "Tom Samplonius (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-1272) Stomp protocol does not correctly check authentication (security hole)
Date Sun, 24 Jun 2007 09:48:33 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_39500 ]

Tom Samplonius commented on AMQ-1272:
-------------------------------------

Just some further clarification.  activemq-5.0-20070621 with the patch has the following behavior:

1.  If a Stomp client uses the wrong password and/or wrong user name, it will just block forever
when trying to send to a destination.

2.  If a Stomp client uses a matching username and password, but that user does not have permission
to write to the queue (as in the above nonsensical auth configuration, where none of the groups
match), ActiveMQ will just eat the message and log an exception for each message:

 ERROR Service                        - Async error occurred: java.lang.SecurityException:
User system is not authorized to write to: queue://foo
java.lang.SecurityException: User system is not authorized to write to: queue://foo


So the client is never disconnected, and is never sent an error.  It is a step in the right
direction.

> Stomp protocol does not correctly check authentication (security hole)
> ----------------------------------------------------------------------
>
>                 Key: AMQ-1272
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1272
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.0.0
>         Environment: 4.2-SNAPSHOT
>            Reporter: Tom Samplonius
>            Priority: Blocker
>             Fix For: 4.1.2, 5.0.0
>
>         Attachments: stomp.diff
>
>
> ActiveMQ does not correctly validate the username and password of Stomp clients.  A security
exception is generated, but ignored, leaving the client connected, and with full and unrestricted
access to ActiveMQ.
> Further description, and a partial patch:
> http://www.nabble.com/Getting-Stomp-support-to-a-usable-state...-tf3858629s2354.html#a11060452

> BTW, while the patch in the above post is crude, leaving unauthenticated users
connected with full access makes ActiveMQ and Stomp pretty unusable.  So please apply the
patch, rather than do nothing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

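The two behaviours described in the comment (a bad login that blocks forever, and an unauthorized SEND that is silently dropped with no ERROR frame) can be checked from the client side with a small STOMP 1.0 probe. The following is an added example, not code from the AMQ-1272 ticket or from ActiveMQ itself: it sends CONNECT and then a SEND carrying a `receipt` header, and reports whether the broker answered with CONNECTED/RECEIPT, with an ERROR frame, or with nothing before a timeout. The host, port, credentials, destination and receipt id are placeholders chosen here, not values taken from the ticket.

```python
"""STOMP 1.0 authentication/authorization probe (added example, not ActiveMQ code).

Reports, per step, "accepted" (CONNECTED/RECEIPT), "rejected" (ERROR frame)
or "no-reply" (timeout). "no-reply" is the silent hang/drop the ticket
describes; a correct broker should answer "rejected" for a bad login and
for a SEND the user is not allowed to perform.
"""
import socket

NUL = b"\x00"


def build_frame(command, headers=None, body=b""):
    """Serialise a STOMP 1.0 frame: COMMAND, header lines, blank line, body, NUL."""
    lines = [command] + [f"{k}:{v}" for k, v in (headers or {}).items()]
    return ("\n".join(lines) + "\n\n").encode() + body + NUL


def parse_frame(data):
    """Split one NUL-terminated frame off the front of `data`.

    Returns ((command, headers, body), rest); the frame is None while no
    complete frame is buffered. Leading newlines (ActiveMQ writes one after
    each NUL) are skipped.
    """
    data = data.lstrip(b"\n")
    end = data.find(NUL)
    if end < 0:
        return None, data
    head, _, body = data[:end].partition(b"\n\n")
    head_lines = head.decode("utf-8").split("\n")
    headers = {}
    for line in head_lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
    return (head_lines[0].strip(), headers, body), data[end + 1:]


def classify_reply(frame):
    """Map a broker reply (or None on timeout) to a verdict string."""
    if frame is None:
        return "no-reply"
    command = frame[0]
    if command in ("CONNECTED", "RECEIPT"):
        return "accepted"
    if command == "ERROR":
        return "rejected"
    return "unexpected:" + command


def recv_frame(sock, timeout, buf):
    """Read from the socket until one frame is complete or `timeout` elapses."""
    sock.settimeout(timeout)
    while True:
        frame, buf = parse_frame(buf)
        if frame is not None:
            return frame, buf
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            return None, buf
        if not chunk:  # broker closed the connection
            return None, buf
        buf += chunk


def probe(host, port, login, passcode, destination, timeout=5.0):
    """CONNECT, then SEND with a receipt header; return {"connect": v, "send": v}."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        buf = b""
        sock.sendall(build_frame("CONNECT", {"login": login, "passcode": passcode}))
        frame, buf = recv_frame(sock, timeout, buf)
        results["connect"] = classify_reply(frame)
        if results["connect"] != "accepted":
            return results
        # The receipt header asks the broker to acknowledge the SEND, so a
        # silently dropped message shows up as a timeout instead of nothing.
        sock.sendall(build_frame("SEND", {"destination": destination,
                                          "receipt": "probe-1"}, b"probe"))
        frame, buf = recv_frame(sock, timeout, buf)
        results["send"] = classify_reply(frame)
    return results


if __name__ == "__main__":
    # Placeholder broker and credentials (assumed values, not from the ticket).
    print(probe("localhost", 61613, "system", "manager", "/queue/foo"))
```

Run it twice against a broker: once with deliberately wrong credentials, where a fixed broker should return `{"connect": "rejected"}`, and once with valid credentials for a user who lacks write permission on the destination, where it should return `"send": "rejected"`. A `"connect": "accepted"` with wrong credentials is the original hole the ticket reports; a `"no-reply"` in either step is the behaviour this comment describes for the patched build.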
