[jboss-dev-forums] [Design of JBoss Portal] - Security problem? ActiveDirectory users can login with blank
marco.sarti
do-not-reply at jboss.com
Thu Nov 8 05:51:03 EST 2007
JBoss Portal 2.6.2-GA configured as described in:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigurePortalForMicrosoftActiveDirectory
I have installed the Portal and I'm developing a portlet where LDAP/AD authentication/authorization is required.
Unfortunately I have observed a very, very big problem using the ldap_identity-config: when the password field in login form is empty the module authenticates any user that exists in Active Directory, exactly as the right password was supplied.
I have created a new issue on JIRA:
http://jira.jboss.com/jira/browse/JBPORTAL-1785
Any suggestion?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4102841#4102841
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4102841
More information about the jboss-dev-forums
mailing list