ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Fung (JIRA)" <j...@apache.org>
Subject [jira] Created: (WSS-25) UsernameToken password is not checked
Date Wed, 16 Nov 2005 19:34:31 GMT
UsernameToken password is not checked
-------------------------------------

         Key: WSS-25
         URL: http://issues.apache.org/jira/browse/WSS-25
     Project: WSS4J
        Type: Bug
 Environment: Windows 2000, JDK 1.5.0_05-b05
    Reporter: Kevin Fung
 Assigned to: Davanum Srinivas 


In the handleUsernameToken method in WSSecurityEngine class, the password returned by the
password handler is not compared against the password/digest from the UsernameToken. The result
is that any password will be accepted.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message