[NIFI-4945] In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.6.0
Component/s: Core Framework
Labels:
- ldap
- security
- tls
Environment:
alpine docker, openjdk 8, jumpcloud ldp service

Description

In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth

This has to do with the login portion of the ldap integration and not the groups aspect.

START_TLS accepts any password (huge security hole!)

LDAPS,SIMPLE will not allow any password

strange!

Attachments

Issue Links

links to

GitHub Pull Request #2524

Activity

People

Assignee:: Matt Gilman

Reporter:: Matthew Elder

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/Mar/18 02:43

Updated:: 09/Mar/18 19:54

Resolved:: 09/Mar/18 19:54