View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0010415CTT UA Scripts1 - Script Issuepublic2025-07-04 07:082025-07-05 15:20
ReporterAlexander Allmendinger Assigned ToAlexander Allmendinger  
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionopen 
Summary0010415: Username Password / 006 needs to expect BadUserIdentityTokenInvalid
Description

Update the test script to expect the BadUserIdentityTokenInvalid. If BadUserIdentityTokenRejected or BadUserAccessDenied is returned, then print a Recommendation to change it to UserIdentityTokenInvalid pointing to the proper section in the specification

Additional Information

From the specification Part 4 Services - 7.41.2.1 Token Encryption and Proof of Possession / Overview:

To prevent the leakage of information useful to attackers, Servers shall ensure that the process of validating UserIdentityTokens completes in a fixed interval independent of whether an error occurs or not. The process of validation includes decrypting, check for padding and checking for a valid nonce. If any errors occur the return code is Bad_IdentityTokenInvalid.

TagsNo tags attached.
Files Affected

/maintree/Security/Security User Name Password/Test Cases/006.js

Relationships

related to 0010414 assignedAlexander Allmendinger CTT UA Test Case Username Password / 006 needs to expect BadUserIdentityTokenInvalid 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2025-07-04 07:08 Alexander Allmendinger New Issue
2025-07-04 07:32 Sebastian Allmendinger Project CTT UA Test Case => CTT UA Scripts
2025-07-04 08:28 Sebastian Allmendinger Files Affected => /maintree/Security/Security User Name Password/Test Cases/006.js
2025-07-05 15:18 Paul Hunkar Assigned To => Alexander Allmendinger
2025-07-05 15:18 Paul Hunkar Status new => assigned
2025-07-05 15:20 Paul Hunkar Relationship added related to 0010414