search

kcjoon / as3corelib

Automatically exported from code.google.com/p/as3corelib
0 stars 0 forks source link

WSSEUsernameToken: nonce incorrectly used to generate digest #25

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. call WSSEUsernameToken.getUsernameToken("user", "password")

What is the expected output? What do you see instead?

In getUsernameToken, the nonce is base64-encoded. This encoded value is 
then used in determining the password digest. This is not according to the 
WS-Security UsernameToken specification: the password digest is based on 
the unencoded nonce value.

What version of the product are you using? On what operating system?

ad3corelib .90

Please provide any additional information below.

Original issue reported on code.google.com by epost...@gmail.com on 12 Jul 2007 at 2:20

GoogleCodeExporter commented 8 years ago 
Independently verified. Wasted a lot of time tracking down this bug.

Original comment by biggyspe...@gmail.com on 13 Aug 2007 at 9:36

GoogleCodeExporter commented 8 years ago 
The attached file contains a fix for issues 24 and 25.

Original comment by koenw...@gmail.com on 17 Dec 2008 at 2:05

Attachments: