61622 – HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST

Bug 61622 - HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST

Summary: HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST

Status:	NEW

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	HTTP (show other bugs)
Version:	3.3
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	JMeter issues mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-10-16 13:07 UTC by marius.spix
Modified:	2017-10-16 13:07 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description marius.spix 2017-10-16 13:07:52 UTC

RFC 2617 does not allow usernames which include a colon ':', however, the HTTP Authorization Manager does. This causes creation of nonsense Authorization headers, as all parts of the username after the first colon are interpreted as part of the password.

The HTTP Authorization Manager should reject usernames with a colon.

JMeter Version: 3.3 r1808647

Comment 1 The ASF infrastructure team 2022-09-24 20:38:10 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4521