Bug 61622 - HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST
Summary: HTTP Authorization Manager: Colon in Username is not rejected for BASIC_DIGEST
Status: NEW
Alias: None
Product: JMeter
Classification: Unclassified
Component: HTTP (show other bugs)
Version: 3.3
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-16 13:07 UTC by marius.spix
Modified: 2017-10-16 13:07 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description marius.spix 2017-10-16 13:07:52 UTC
RFC 2617 does not allow usernames which include a colon ':', however, the HTTP Authorization Manager does. This causes creation of nonsense Authorization headers, as all parts of the username after the first colon are interpreted as part of the password.

The HTTP Authorization Manager should reject usernames with a colon.

JMeter Version: 3.3 r1808647