  1. Karaf
  2. KARAF-4892

Encode username in LDAPLoginModule to avoid "code" injection


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.1.0, 4.0.8
    • Component/s: karaf
    • Labels:
      None

      Description

      A malicious user can inject "LDAP" code in the username, causing bad behavior in the LDAP login module.
      To prevent this, the LDAP login module should encode the user.


            People

            • Assignee:
              jbonofre Jean-Baptiste Onofré
              Reporter:
              jbonofre Jean-Baptiste Onofré
