SEC-1764: z/OS Password Encoding Error #1986

Closed
spring-issuemaster opened this Issue Jun 13, 2011 · 1 comment

@spring-issuemaster

Bob Markle (Migrated from SEC-1764) said:

Package: org.springframework.security.authentication.encoding
LdapShaPasswordEncoding.java

Fix - line 104: has been tested with "org.springframework.security.core_3.0.3.RELEASE" on z/OS 1.12
was: return prefix + new String(Base64.encode(hash));
change: return prefix + new String(Base64.encode(hash), "UTF-8");

MD4PasswordEncoder.java also looks like it has the same issue.

@spring-issuemaster

Luke Taylor said:

Thanks for the report. I've updated password encoders to replace calls to new String(byte[]) with Utf8 encoded values.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
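
The failure mode reported in this issue, as an added example that is not part of the original thread and is not Spring Security's own code: Base64 output is ASCII bytes, so decoding it with a non-ASCII platform default charset produces a different string than decoding it as UTF-8. Assumptions: `IBM1047` (EBCDIC) stands in for the z/OS JVM default charset, `{SHA}` is the prefix, `java.util.Base64` replaces the project's `Base64` class, and the class and method names are hypothetical.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical demo class; not Spring Security code.
public class DefaultCharsetDemo {
    static final String PREFIX = "{SHA}"; // assumed LDAP scheme prefix

    // Same shape as the reported line 104, with the decoding charset made a
    // parameter so the platform default can be simulated on any JVM.
    static String encode(String rawPass, Charset decodeWith) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-1")
                .digest(rawPass.getBytes(StandardCharsets.UTF_8));
        byte[] base64 = Base64.getEncoder().encode(hash); // ASCII bytes on every platform
        return PREFIX + new String(base64, decodeWith);
    }

    // Render non-ASCII and control characters as hex escapes so the damage is visible.
    static String visible(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c >= 0x20 && c < 0x7f) out.append(c);
            else out.append(String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String ebcdicName = "IBM1047"; // assumption: stand-in for the z/OS default
        if (!Charset.isSupported(ebcdicName)) {
            System.out.println(ebcdicName + " not available in this JVM");
            return;
        }
        String password = "constructed-sample-password"; // constructed input

        String explicitUtf8 = encode(password, StandardCharsets.UTF_8);
        String ebcdicDefault = encode(password, Charset.forName(ebcdicName));

        System.out.println("explicit UTF-8 : " + explicitUtf8);
        System.out.println("EBCDIC default : " + visible(ebcdicDefault));
        // An LDAP directory stores the ASCII form, so the second value never matches it.
        System.out.println("values equal   : " + explicitUtf8.equals(ebcdicDefault));
    }
}
```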