Skip to content

fail SCRAM exchange on invalid ServerSignature#2235

Open
madib06ops wants to merge 1 commit into
AsyncHttpClient:mainfrom
madib06ops:scram-verify-server-signature
Open

fail SCRAM exchange on invalid ServerSignature#2235
madib06ops wants to merge 1 commit into
AsyncHttpClient:mainfrom
madib06ops:scram-verify-server-signature

Conversation

@madib06ops

Copy link
Copy Markdown
Contributor
  1. processScramAuthenticationInfo checks the SCRAM ServerSignature from Authentication-Info (and Proxy-Authentication-Info) but on a mismatch only logged a warning, so a response from a peer that never proved knowledge of the shared secret was still delivered as a success, voiding the mutual-authentication guarantee.
  2. RFC 7804 section 5 requires the client to treat that as an unsuccessful exchange.

Abort the request when the ServerSignature is present but invalid or unparseable, for both the origin and proxy SCRAM paths. A missing header stays warn-only, since it may legitimately arrive in chunked trailers that AHC does not read. Added a regression test that drives a full handshake and returns a corrupted ServerSignature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant