peval / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

unknown host name causes authentication failure #259

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Start authentication process with anonymous@unknown
2. Try to login() with a valid user
3. User/password are accepted
4. Verification for lastHostAddress compares last host, which is currently set to "unknown" value, to host address and it always fails...

What is the expected output? What do you see instead?
I expect a successful login, but get authentication exception due to user jumping from "unknown" host to 127.0.0.1.

What version of the product are you using? On what operating system?
SVN head on Vista

Does this issue affect only a specified browser or set of browsers?
Tried on IE7.

Original issue reported on code.google.com by sandro.r...@gmail.com on 24 Jan 2012 at 11:53

GoogleCodeExporter commented 9 years ago
Hi, I am getting the same issue.

Here is the stack trace:
0:0:0:0:0:0:0:1
0.0.0.0
0:0:0:0:0:0:0:1
2--User session just jumped from unknown to 0:0:0:0:0:0:0:1
org.owasp.esapi.errors.AuthenticationHostException: Host change
    at org.owasp.esapi.reference.DefaultUser.setLastHostAddress(DefaultUser.java:524)
    at org.owasp.esapi.reference.DefaultUser.loginWithPassword(DefaultUser.java:421)
    at org.owasp.esapi.reference.AbstractAuthenticator.loginWithUsernameAndPassword(AbstractAuthenticator.java:177)
    at org.owasp.esapi.reference.AbstractAuthenticator.login(AbstractAuthenticator.java:209)
    at org.owasp.esapi.reference.AbstractAuthenticator.login(AbstractAuthenticator.java:187)

Original comment by sunil7...@gmail.com on 8 Oct 2014 at 6:34
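
The host-change check reported in this issue, modelled as an added example (not ESAPI's own code and not posted by either commenter): a strict comparison beside a variant that treats the placeholder as "no host recorded yet". The class and method names are hypothetical, the "unknown" literal is taken from the report, and the addresses in `main` are constructed.

```java
import java.util.Objects;

public class HostPinningExample {
    // Placeholder the report gives as the anonymous user's last host.
    static final String UNKNOWN_HOST = "unknown";

    static class HostChangeException extends Exception {
        HostChangeException(String from, String to) {
            super("User session just jumped from " + from + " to " + to);
        }
    }

    // Simplified stand-in for a user record (hypothetical, not DefaultUser).
    static class SessionUser {
        private String lastHostAddress = UNKNOWN_HOST;

        // Behaviour described in the report: any difference counts as a host change,
        // so the first real address never matches the placeholder.
        void setLastHostStrict(String remoteHost) throws HostChangeException {
            if (lastHostAddress != null && !lastHostAddress.equals(remoteHost)) {
                throw new HostChangeException(lastHostAddress, remoteHost);
            }
            lastHostAddress = remoteHost;
        }

        // Sentinel-aware variant: only a previously recorded real host is pinned.
        void setLastHostSentinelAware(String remoteHost) throws HostChangeException {
            Objects.requireNonNull(remoteHost, "remoteHost");
            boolean pinned = lastHostAddress != null && !UNKNOWN_HOST.equals(lastHostAddress);
            if (pinned && !lastHostAddress.equals(remoteHost)) {
                throw new HostChangeException(lastHostAddress, remoteHost);
            }
            lastHostAddress = remoteHost;
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            new SessionUser().setLastHostStrict("127.0.0.1");
        } catch (HostChangeException e) {
            System.out.println("strict, first login: " + e.getMessage());
        }
        SessionUser user = new SessionUser();
        user.setLastHostSentinelAware("127.0.0.1"); // first login pins the host
        try {
            user.setLastHostSentinelAware("10.0.0.5"); // genuine change is still rejected
        } catch (HostChangeException e) {
            System.out.println("sentinel-aware, later change: " + e.getMessage());
        }
    }
}
```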