Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-2519

Disallow to set a password for LDAP authenticated user => Security hole

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 1.3 M2, 1.3 RC1, 1.3, 1.3.1, 1.4 M1, 1.3.2, 1.4 M2, 1.4 RC1, 1.4, 1.5 M1, 1.4.1, 1.5 M2
    • {Unused} Auth Service - LDAP
    • None
    • ldap,user

    Description

      LDAP authenticated user may introduce a password into the XWiki DB, which may be used to login after there account has been remove from LDAP and try_local is enabled

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XAADMINISTRATION-16 "Forgot your password" and "change your password" features should be disabled for LDAP user

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              softec Denis Gervalle
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: