[teiid-issues] [JBoss JIRA] Closed: (TEIID-471) Potential security problem is anonymous bind is allowed in the LDAP server
[
https://jira.jboss.org/jira/browse/TEIID-471?page=com.atlassian.jira.plug...
]
Li Liang closed TEIID-471.
--------------------------
Potential security problem is anonymous bind is allowed in the LDAP
server
--------------------------------------------------------------------------
Key: TEIID-471
URL: https://jira.jboss.org/jira/browse/TEIID-471
Project: Teiid
Issue Type: Bug
Components: Server
Affects Versions: 6.1.0, 6.0.0
Reporter: Li Liang
Assignee: Li Liang
Fix For: 6.1.0
When LDAP is used for authentication, if anonymous bind is allowed, user with blank
password will be authenticated successfully. That user (not anonymous) will be used when
querying the VDB in the current session. If authorization is turned on, that may cause
security problem. This is from customer case 275865.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira