activemq-dev mailing list archives

From "Tom Samplonius (JIRA)" <>
Subject [jira] Created: (AMQ-1272) Stomp protocol does not correctly check authentication (security hole)
Date Tue, 12 Jun 2007 06:26:33 GMT
Stomp protocol does not correctly check authentication (security hole)

                 Key: AMQ-1272
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
         Environment: 4.2-SNAPSHOT
            Reporter: Tom Samplonius
            Priority: Blocker
             Fix For: 4.1.2, 5.0.0

ActiveMQ does not correctly validate the username and password of Stomp clients.  A security
exception is generated, but ignored, leaving the client connected, and with full and unrestricted
access to ActiveMQ.

Further description, and a partial patch:

BTW, while the patch in the above post is crude, leaving unauthenticated users connected
with full access makes ActiveMQ and Stomp pretty unusable.  So please apply the patch, rather
than do nothing.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
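
A minimal model of the failure mode described in this report, added here as an example: it is not ActiveMQ code and not the patch the report refers to. The class and method names, the credential store and the queue name are hypothetical and constructed for illustration; only the STOMP frame names and the `login`/`passcode` headers come from the protocol.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Simplified model of a STOMP connection handler (hypothetical, not broker code).
public class StompAuthModel {
    static final Map<String, String> USERS = Map.of("app", "s3cret"); // constructed

    static void authenticate(String login, String passcode) {
        String expected = USERS.get(login == null ? "" : login);
        if (expected == null || passcode == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                passcode.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("User name or password is invalid.");
        }
    }

    /** One client connection; failClosed selects the hardened behaviour. */
    static class Connection {
        final boolean failClosed;
        boolean open = true, authenticated = false;
        Connection(boolean failClosed) { this.failClosed = failClosed; }

        String onFrame(String command, Map<String, String> headers) {
            if (!open) return "CLOSED";
            if ("CONNECT".equals(command)) {
                try {
                    authenticate(headers.get("login"), headers.get("passcode"));
                    authenticated = true;
                    return "CONNECTED";
                } catch (SecurityException e) {
                    // Flawed: the exception is dropped and the connection stays usable.
                    if (!failClosed) return "(exception ignored)";
                    open = false; // Hardened: report the error and close the connection.
                    return "ERROR";
                }
            }
            // Hardened: no frame other than CONNECT is served before authentication.
            if (failClosed && !authenticated) { open = false; return "ERROR"; }
            return "ACCEPTED " + command;
        }
    }

    public static void main(String[] args) {
        Map<String, String> bad = Map.of("login", "app", "passcode", "wrong");
        for (boolean failClosed : new boolean[] {false, true}) {
            Connection c = new Connection(failClosed);
            System.out.println((failClosed ? "fail-closed" : "exception ignored")
                + ": CONNECT -> " + c.onFrame("CONNECT", bad)
                + ", SEND -> " + c.onFrame("SEND", Map.of("destination", "/queue/example")));
        }
    }
}
```

The hardened branch closes the connection on a failed CONNECT and also refuses any frame that arrives before authentication has succeeded, so the outcome does not depend on a single exception handler.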