[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1785) Any LDAP user can login in the Portal with blank password
Marco Sarti (JIRA)
jira-events at lists.jboss.org
Wed Nov 7 16:54:44 EST 2007
Any LDAP user can login in the Portal with blank password
---------------------------------------------------------
Key: JBPORTAL-1785
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1785
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Identity
Affects Versions: 2.6.2 Final
Environment: Any (Windows, Linux, MAC OSX)
Reporter: Marco Sarti
Priority: Critical
I refer to this document:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigurePortalForMicrosoftActiveDirectory
With portal configured to authenticate users through LDAP/Active Directory, any user can login simply leaving the password field empty.
The identity management correctly rejects wrong passwords, but accepts blank password and it completes the authentication process as the password was right.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list