Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 6.10.3, 7.0.2, 7.1.1
Affects Version/s: 6.8.1
Component/s: Access Keys
Labels:
- dob-pr

Fixed in Long Term Support Release/s:

Download 6.10
Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
2
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

Using personal access tokens to Basic authenticate against REST API endpoints, we notice that adding one character in the end is considering the token as valid.

When we add more than one character the token is considered invalid and the IncorrectPasswordAuthenticationException is thrown.

Steps to Reproduce

Create a personal access token
call a REST API endpoint such as /rest/api/1.0/admin/users
choose basic authentication via access token.
At first use the exact access token and make the call
Then, add one character to the end of that token and make the call again.
Then, add more one character (so now we have two extra characters) and make the call again.

Expected Results

Once the token is changed by adding one or more characters we expect the authentication to fail.

Actual Results

adding one character does not affect the authentication and the call succeeds.
adding more than one character the call fails.

Workaround

Currently, we don't have a workaround to apply on this case.

Attachments

Activity

People

Assignee:: Manish

Reporter:: Fares Abbes (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Feb/2020 8:36 PM

Updated:: 22/May/2020 7:54 AM

Resolved:: 19/May/2020 1:06 AM