Operational Defect Database

BugZero found this defect 2496 days ago.

MongoDB | 378173

[SERVER-28997] Limit SCRAM-SHA-1 Cache's use of Secure Memory

Last update date:

10/30/2023

Affected products:

MongoDB Server

Affected releases:

3.4.4

Fixed releases:

3.2.16

3.4.6

3.5.8

Description:

Info

SaslSCRAMSHA1ClientConversations have a SCRAMSecrets which they'll pull out of the cache. SCRAMSecrets allocate secure storage in their default constructor, so they may be populated. Instead, SaslSCRAMSHA1ClientConversation and the cache should store shared_ptrs to SCRAMSecret.

Top User Comments

xgen-internal-githook commented on Tue, 11 Jul 2017 23:02:14 +0000:
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}
Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory (cherry picked from commit 7ca9cebf2623865fd0077f90baf61132d866a674) (cherry picked from commit 8a4d00991cd1721240f13c8713d7d819baa1763e)
Branch: v3.2
https://github.com/mongodb/mongo/commit/764b75a48f57c84ea8c0b867b3128e1d8760086a

xgen-internal-githook commented on Mon, 19 Jun 2017 15:21:49 +0000:
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}
Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory (cherry picked from commit 7ca9cebf2623865fd0077f90baf61132d866a674)
Branch: v3.4
https://github.com/mongodb/mongo/commit/8a4d00991cd1721240f13c8713d7d819baa1763e

spencer.jackson@10gen.com commented on Tue, 13 Jun 2017 19:53:11 +0000:
victorgp Yes, this ticket will be backported to 3.4.

victorgp commented on Mon, 12 Jun 2017 23:04:14 +0000:
Is there any chance we will get the backport for 3.4 version? We, at ThousandEyes, are affected by this issue.

xgen-internal-githook commented on Tue, 16 May 2017 13:46:10 +0000:
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}
Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory
Branch: master
https://github.com/mongodb/mongo/commit/7ca9cebf2623865fd0077f90baf61132d866a674

Status

Closed
