[teiid-issues] [JBoss JIRA] Closed: (TEIID-471) Potential security problem is anonymous bind is allowed in the LDAP server
Li Liang (JIRA)
jira-events at lists.jboss.org
Tue Apr 7 13:15:22 EDT 2009
[ https://jira.jboss.org/jira/browse/TEIID-471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Li Liang closed TEIID-471.
--------------------------
> Potential security problem is anonymous bind is allowed in the LDAP server
> --------------------------------------------------------------------------
>
> Key: TEIID-471
> URL: https://jira.jboss.org/jira/browse/TEIID-471
> Project: Teiid
> Issue Type: Bug
> Components: Server
> Affects Versions: 6.1.0, 6.0.0
> Reporter: Li Liang
> Assignee: Li Liang
> Fix For: 6.1.0
>
>
> When LDAP is used for authentication, if anonymous bind is allowed, user with blank password will be authenticated successfully. That user (not anonymous) will be used when querying the VDB in the current session. If authorization is turned on, that may cause security problem. This is from customer case 275865.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list