[jboss-jira] [JBoss JIRA] Updated: (JBPORTAL-1785) Any LDAP user can login in the Portal with blank password
Thomas Heute (JIRA)
jira-events at lists.jboss.org
Thu Nov 8 03:15:44 EST 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1785?page=all ]
Thomas Heute updated JBPORTAL-1785:
-----------------------------------
Fix Version/s: 2.6.3 Final
Priority: Major (was: Critical)
> Any LDAP user can login in the Portal with blank password
> ---------------------------------------------------------
>
> Key: JBPORTAL-1785
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1785
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Identity
> Affects Versions: 2.6.2 Final
> Environment: Any (Windows, Linux, MAC OSX)
> Reporter: Marco Sarti
> Fix For: 2.6.3 Final
>
>
> I refer to this document:
> http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigurePortalForMicrosoftActiveDirectory
> With portal configured to authenticate users through LDAP/Active Directory, any user can login simply leaving the password field empty.
> The identity management correctly rejects wrong passwords, but accepts blank password and it completes the authentication process as the password was right.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list