Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1764: z/OS Password Encoding Error #1986

spring-issuemaster opened this Issue Jun 13, 2011 · 1 comment


None yet
1 participant

Bob Markle (Migrated from SEC-1764) said:

Package: org.springframework.security.authentication.encoding

Fix - line 104: has been tested with "org.springframework.security.core_3.0.3.RELEASE" on z/OS 1.12
was: return prefix + new String(Base64.encode(hash));
change: return prefix + new String(Base64.encode(hash), "UTF-8");

MD4PasswordEncoder.java also looks like it has same issue.

Luke Taylor said:

Thanks for the report. I've updated password encoders to replace calls to new String(byte[]) with Utf8 encoded values.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment