[R2DBC-121] caching_sha2_password/sha256_password login fails with passwords ≥ 20 characters - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.1
Component/s: other
Labels:
None

Description

During RSA full authentication (non-TLS), the password is XOR-ed with the server's 20-byte scramble before encryption. When the scramble arrived via an AuthSwitchRequest it carried a trailing null, and the connector cycled the XOR over 21 bytes instead of 20, corrupting every password byte from index 20 on, so longer passwords were rejected.

Reported by 4UjwXc (GH #84).

Attachments

Activity

People

Assignee:: Diego Dupin

Reporter:: Diego Dupin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2026-06-15 10:05

Updated:: 6 days ago 12:21

Resolved:: 2026-06-15 14:37

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.