Uploaded image for project: 'HTTP Connector'
  1. HTTP Connector
  2. HTTPC-47

Basic auth filter accepts header characters beyond the padding

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • To be reviewed
    • Resolution: Done
    • None
    • None
    • Security Level: Public
    • None
    • S3
    • No
    • Pre-production defect
    • S3

    Description

      When a header for basic auth is received such as "Basic jdhglsadjgh==WhatEver", the "WhatEver" is ignored and the authentication attempt is successful. This stopped happening in the latest snapshot because we started using the Java Base64 decoder instead of commons-codec, now the case results in a 500. We need to provide a compatibility option to continue accepting such headers while changing the default to return a 401.

      Attachments

        Activity

          People

            afelisatti@mulesoft.com Ana Laura Felisatti (Inactive)
            afelisatti@mulesoft.com Ana Laura Felisatti (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: