Bug in SCRAM implementation

Open tmolitor-stud-tu opened this issue 2 years ago • 2 comments

Your SCRAM implementation is not RFC conformant: https://github.com/maranda/metronome/blob/development/util/sasl/scram.lua#L204

RFC 5802 section 5.1 (last bullet point) states: Unknown optional extensions MUST be ignored upon receipt. Only mandatory options should result in an error, if unsupported by one party. To quote the RFC again:

Mandatory extensions sent by one peer but not understood by the
other MUST cause authentication failure (the server SHOULD send
the "extensions-not-supported" server-error-value).

tmolitor-stud-tu, Nov 26 '23 18:11
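The rule quoted above from RFC 5802 section 5.1, as an added example (not Metronome's code and not part of the original issue): a Python parser for client-first-message-bare that ignores unknown optional extensions and fails only on the reserved `m=` mandatory-extension attribute. The function names and sample messages are constructed for illustration.

```python
import re

class ScramError(Exception):
    """Authentication failure carrying an RFC 5802 server-error-value."""

# attr-val = ALPHA "=" value ; a raw "," never appears inside a value
ATTR_VAL = re.compile(r"([A-Za-z])=([^,]+)")

def decode_saslname(raw):
    # saslname escapes: "=2C" is ",", "=3D" is "="; any other "=" is invalid.
    if re.search(r"=(?!2C|3D)", raw):
        raise ScramError("invalid-username-encoding")
    return raw.replace("=2C", ",").replace("=3D", "=")

def parse_client_first_bare(bare):
    """Parse client-first-message-bare (the part after the gs2-header)."""
    attrs = []
    for field in bare.split(","):
        m = ATTR_VAL.fullmatch(field)
        if not m:
            raise ScramError("invalid-encoding")
        attrs.append(m.groups())
    # "m=" is the reserved mandatory-extension attribute: an implementation
    # that does not understand it must fail the authentication.
    if any(name == "m" for name, _ in attrs):
        raise ScramError("extensions-not-supported")
    if len(attrs) < 2 or attrs[0][0] != "n" or attrs[1][0] != "r":
        raise ScramError("invalid-encoding")
    return {
        "username": decode_saslname(attrs[0][1]),
        "nonce": attrs[1][1],
        # Unknown optional extensions are kept aside and otherwise ignored;
        # they must not cause an error.
        "ignored": attrs[2:],
    }

if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    samples = [
        "n=user,r=clientnonce123",
        "n=user,r=clientnonce123,x=future-option",
        "m=must-understand,n=user,r=clientnonce123",
    ]
    for msg in samples:
        try:
            print(msg, "->", parse_client_first_bare(msg))
        except ScramError as err:
            print(msg, "-> fail:", err)
```
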

@tmolitor-stud-tu: To follow this ticket.

Neustradamus, Nov 26 '23 23:11

@Neustradamus do you know that you can follow an issue by pressing the "Subscribe button" of the issue?

tmolitor-stud-tu, Nov 27 '23 00:11