opcua icon indicating copy to clipboard operation
opcua copied to clipboard

Published 20 hours ago verified publisher icon gopcua

Security issue when using username authentication

Open sailorvii opened this issue 4 years ago • 0 comments

I tried to use username/password for the opcua client but failed.

My code: opts = []opcua.Option{ opcua.AuthUsername(myuser, mypasswd), opcua.AuthPolicyID("username"), }

What I got "asn1: syntax error: sequence truncated" It failed at uasc/secure_channel_crypto.go: 77 remoteX509Cert, err := x509.ParseCertificate(cert) | ~

I also tried to add SecurityFromEndpoint, hit the same error.

I print the params of EncryptUserPassword, they were: policyURI: "" password: mypasswd cert: empty

I think the function "EncryptUserPassword" should return the original password. The fix like this could works: func (s *SecureChannel) EncryptUserPassword(policyURI, password string, cert, nonce []byte) ([]byte, string, error) { // If the User ID Token's policy was null, then default to the secure channel's policy if policyURI == "" { policyURI = s.cfg.SecurityPolicyURI }

if policyURI == ua.SecurityPolicyURINone {
    return []byte(password), "", nil
}

sailorvii avatar Dec 31 '20 08:12 sailorvii