Hi everyone,

I've been working with the HLAPI library, and came across the following issue:

when connecting to an AMT11 machine with digest authentication and server TLS, if the 1st connection uses the correct credentials, the 2nd connection works even if the credentials are wrong.

See below sample code:

IAMTInstance amt;

IAMTInstance amt2;

try

{

ConnectionInfoEX ci = new ConnectionInfoEX("ro-nrc-vpro.anita.local", "admin", "Abcd1234!", true, // correct user and password

"", ConnectionInfoEX.AuthMethod.Digest, null, null, null);

amt = AMTInstanceFactory.CreateEX(ci);

if (amt != null)

Console.WriteLine("First connection ok");

amt.Dispose();

amt = null;

ConnectionInfoEX ci2 = new ConnectionInfoEX("ro-nrc-vpro.anita.local", "lkk", "fg", true, // incorrect user and password

"", ConnectionInfoEX.AuthMethod.Digest, null, null, null);

amt2 = AMTInstanceFactory.CreateEX(ci2); // this also succeeds!!

if (amt2 != null)

Console.WriteLine("Second connection ok");

amt2.Dispose();

amt2 = null;

}

Any ideas?

Note: I could only reproduce the issue with digest and server TLS, doesn't happen if server TLS is not enabled, and I did not try yet with Kerberos or with mutual TLS.

Note 2: if I stay in a break point long enough before the amt2 = AMTInstanceFactory.CreateEX(ci2) command (this "long enough" varies from attempt to attempt), the CreateEX fails, like expected. So it seems to have something to do with cleaning up the old connection..