unknown host name causes authentication failure
From [email protected] on January 24, 2012 06:53:51
What steps will reproduce the problem?
1. Start authentication process with anonymous@unknown
2. Try to login() with a valid user
3. User/password are accepted
4. Verification for lastHostAddress compares last host, which is currently set to "unknown" value, to host address and it always fails...

What is the expected output? What do you see instead?
I expect a successful login, but get authentication exception due to user jumping from "unknown" host to 127.0.0.1.

What version of the product are you using? On what operating system?
SVN head on Vista

Does this issue affect only a specified browser or set of browsers?
Tried on IE7.
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=259
From [email protected] on October 07, 2014 23:34:37
Hi, I am getting the same issue.
Here is the stack trace:

0:0:0:0:0:0:0:1 0.0.0.0 0:0:0:0:0:0:0:1 2--User session just jumped from unknown to 0:0:0:0:0:0:0:1
org.owasp.esapi.errors.AuthenticationHostException: Host change
    at org.owasp.esapi.reference.DefaultUser.setLastHostAddress(DefaultUser.java:524)
    at org.owasp.esapi.reference.DefaultUser.loginWithPassword(DefaultUser.java:421)
    at org.owasp.esapi.reference.AbstractAuthenticator.loginWithUsernameAndPassword(AbstractAuthenticator.java:177)
    at org.owasp.esapi.reference.AbstractAuthenticator.login(AbstractAuthenticator.java:209)
    at org.owasp.esapi.reference.AbstractAuthenticator.login(AbstractAuthenticator.java:187)
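
Added example, not part of the original thread and not ESAPI source code: a self-contained model of the host-change check both reports describe, next to one assumed way to fix it by treating the "unknown" placeholder as "no host pinned yet". The class, method and exception names are hypothetical, and 10.0.0.5 is a constructed address.

```java
import java.util.Objects;

// Hypothetical model of the check described in this issue; not ESAPI source code.
public class HostPinDemo {
    static final String UNKNOWN = "unknown"; // placeholder host reported in the issue

    static class HostChangeException extends Exception {
        HostChangeException(String from, String to) {
            super("User session just jumped from " + from + " to " + to);
        }
    }

    static class User {
        private String lastHost = UNKNOWN; // anonymous user starts with the placeholder

        // Behaviour reported in the issue: the placeholder is compared like a real address.
        void setLastHostStrict(String remote) throws HostChangeException {
            if (lastHost != null && !lastHost.equals(remote)) {
                throw new HostChangeException(lastHost, remote);
            }
            lastHost = remote;
        }

        // Assumed fix: a placeholder means nothing is pinned yet; real addresses stay pinned.
        void setLastHostTolerant(String remote) throws HostChangeException {
            Objects.requireNonNull(remote, "remote");
            boolean pinned = lastHost != null && !UNKNOWN.equals(lastHost);
            if (pinned && !lastHost.equals(remote)) {
                throw new HostChangeException(lastHost, remote);
            }
            if (!UNKNOWN.equals(remote)) lastHost = remote; // never replace a pin with the placeholder
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            new User().setLastHostStrict("127.0.0.1"); // first login from a real address
        } catch (HostChangeException e) {
            System.out.println("strict:   " + e.getMessage());
        }
        User u = new User();
        u.setLastHostTolerant("127.0.0.1"); // first real address is pinned
        u.setLastHostTolerant("127.0.0.1"); // same host is accepted
        try {
            u.setLastHostTolerant("10.0.0.5"); // a genuine host change is still rejected
        } catch (HostChangeException e) {
            System.out.println("tolerant: " + e.getMessage());
        }
    }
}
```

The tolerant variant keeps the session-pinning protection for real addresses and only stops the placeholder from counting as a previous host.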