[HTTPC-47] Basic auth filter accepts header characters beyond the padding - MuleSoft Community JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: To be reviewed
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Security Level: Public
Labels:
None

Severity:
S3
Bug Boosted:
No
Defect Source:
Pre-production defect
Severity Label:
S3

Description

When a header for basic auth is received such as "Basic jdhglsadjgh==WhatEver", the "WhatEver" is ignored and the authentication attempt is successful. This stopped happening in the latest snapshot because we started using the Java Base64 decoder instead of commons-codec, now the case results in a 500. We need to provide a compatibility option to continue accepting such headers while changing the default to return a 401.

Attachments

Activity

People

Assignee:: Ana Laura Felisatti

Reporter:: Ana Laura Felisatti

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/May/19 07:35 PM

Updated:: 20/May/20 01:42 AM

Resolved:: 12/Jul/19 10:18 PM