kafka-dev mailing list archives

From "Rajini Sivaram (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-7915) SASL authentication failures may return sensitive data to client
Date Mon, 11 Feb 2019 15:33:00 GMT
Rajini Sivaram created KAFKA-7915:
-------------------------------------

             Summary: SASL authentication failures may return sensitive data to client
                 Key: KAFKA-7915
                 URL: https://issues.apache.org/jira/browse/KAFKA-7915
             Project: Kafka
          Issue Type: Bug
          Components: security
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 2.2.0


There was a regression from the commit https://github.com/apache/kafka/commit/e8a3bc74254a8e4e4aaca41395177fa4a98b480c#diff-e4c812749f57c982e2570492657ea787
which added the error message from SaslException thrown by the server during authentication
into the error response returned to clients. Since this exception may contain sensitive data
(e.g. indicating that a user exists but password match failed), we should not return the error
to clients. We have a separate exception (`AuthenticationException`) for errors that are safe
to propagate to clients.
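The distinction the report draws, shown as an added example that is not Kafka's own code: a server-side credential check whose `SaslException` text would leak account detail, a handler that copies that text into the client response (the regressed behaviour), and one that only forwards a client-safe `AuthenticationException` (a local stand-in for the Kafka class the issue names). `checkCredentials` and the sample credentials are assumptions for illustration.

```java
import javax.security.sasl.SaslException;

// Added example, not Kafka's code. Class and method names are assumptions.
public class SaslErrorMapping {

    /** Stand-in for the "safe to propagate" exception type named in the issue. */
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }

    /** Hypothetical backend check: its messages are written for broker logs, not clients. */
    static void checkCredentials(String user, char[] password) throws SaslException {
        if (!"alice".equals(user)) {
            throw new SaslException("Unknown user " + user);
        }
        if (!"correct-horse".equals(new String(password))) {
            // Reveals that the user exists and only the password failed.
            throw new SaslException("Password mismatch for existing user " + user);
        }
    }

    /** Regressed behaviour: the server exception text is copied into the client response. */
    static String regressedErrorMessage(String user, char[] password) {
        try {
            checkCredentials(user, password);
            return null;
        } catch (SaslException e) {
            return e.getMessage();
        }
    }

    /** Fixed behaviour: only an AuthenticationException, thrown deliberately with a
     *  client-facing message, is forwarded; any other SaslException is logged on the
     *  broker and replaced by a fixed string. */
    static String safeErrorMessage(String user, char[] password) {
        try {
            checkCredentials(user, password);
            return null;
        } catch (AuthenticationException e) {
            return e.getMessage();
        } catch (SaslException e) {
            // log e with full detail server-side; the client learns nothing specific
            return "Authentication failed";
        }
    }

    public static void main(String[] args) {
        char[] wrong = "wrong".toCharArray();
        System.out.println(regressedErrorMessage("alice", wrong)); // leaks account state
        System.out.println(safeErrorMessage("alice", wrong));      // "Authentication failed"
    }
}
```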



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
