Project

General

Profile

Actions

Bug #2326

closed

Erroneous successful webGUI authentication with blank password and AD authentication backend

Added by Kane Rason over 12 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
Start date:
03/30/2012
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.1
Affected Architecture:

Description

Erroneous successful authentication to the webGUI when using Active Directory authentication and no password is specified.

Possible fix by adding blank password check to ldap_backed function:

if(!$passwd) {
log_error("ERROR! No password entered.");
return false;
}

Actions

Also available in: Atom PDF