Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-2519

Disallow to set a password for LDAP authenticated user => Security hole

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.3 M2, 1.3 RC1, 1.3, 1.3.1, 1.4 M1, 1.3.2, 1.4 M2, 1.4 RC1, 1.4, 1.5 M1, 1.4.1, 1.5 M2
    • Fix Version/s: None
    • Labels:
      None
    • keywords:
      ldap,user
    • Similar issues:

      Description

      LDAP authenticated user may introduce a password into the XWiki DB, which may be used to login after there account has been remove from LDAP and try_local is enabled

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              softec Denis Gervalle
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: