[KARAF-4892] Encode username in LDAPLoginModule to avoid "code" injection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.1.0, 4.0.8
Component/s: karaf
Labels:
None

Description

A malicious user can inject "LDAP" code in the username, causing bad behavior in the LDAP login module.
To prevent this, the LDAP login module should encode the user.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Jean-Baptiste Onofré

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12/Dec/16 13:20

Updated:: 15/Sep/18 05:45

Resolved:: 12/Dec/16 13:22