[jboss-jira] [JBoss JIRA] Created: (JBAS-3783) LdapLoginModule allows access when JUST the username is entered (NO Password entered).
Mark Burgeson (JIRA)
jira-events at jboss.com
Tue Oct 24 16:33:42 EDT 2006
LdapLoginModule allows access when JUST the username is entered (NO Password entered).
--------------------------------------------------------------------------------------
Key: JBAS-3783
URL: http://jira.jboss.com/jira/browse/JBAS-3783
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.4.GA, JBossAS-4.0.3 Final
Environment: This issue is was tested and is known to be present in Linux and SUN platforms.
Reporter: Mark Burgeson
Assigned To: Scott M Stark
LdapLoginModule is enabled for LDAP Group authentication.
As expected, access is allowed when a valid username/password is supplied and the user belongs to the LDAP group.
In addition, access is allowed when JUST the username is entered, without the password, and the user belongs to the LDAP group. This appears to be a bug.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list