Description
The userPassword attribute should not be searchable by default. More specifically, it should not be a part of any filter, as it may be a security breach (imagine you use something like (&(cn=foo)(userPassword > a)(userPassword < c)), you can easily find the password in a very simple way...)
Attachments
Issue Links
- is a clone of
-
DIRSERVER-997 Block search ability for userPassword attribute
- Reopened