Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-4892

Encode username in LDAPLoginModule to avoid "code" injection

          Details

          • Type: Bug
          • Status: Resolved
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 4.1.0, 4.0.8
          • Component/s: karaf
          • Labels:
            None

            Description

            A malicious user can inject "LDAP" code in the username, causing bad behavior in the LDAP login module.
            To prevent this, the LDAP login module should encode the user.

              Attachments

                Activity

                  People

                  • Assignee:
                    jbonofre Jean-Baptiste Onofré
                    Reporter:
                    jbonofre Jean-Baptiste Onofré
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: