geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <vamsic...@apache.org>
Subject SQLLoginModule Security alert in Geronimo 2.0.2 and 2.0.1
Date Mon, 22 Oct 2007 07:13:57 GMT
Hi,

One of our committers, Jarek Gawor, has identified a security issue with
SQLLoginModule.  See the related JIRA
https://issues.apache.org/jira/browse/GERONIMO-3543 .  Authentication
succeeds with SQLLoginModule if logging in with a username that does not
exist in the database.  The issue affects the use of only Database (SQL)
Realms in released versions 2.0.1 and 2.0.2.  The issue has already been
fixed in the codebase and will be available in the next release expected
soon.

++Vamsi
