  1. Apache NiFi
  2. NIFI-4945

In NiFi 1.5, START_TLS in combination with LDAP will allow any password during auth


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.6.0
    • Component/s: Core Framework
    • Labels:
    • Environment: alpine docker, openjdk 8, jumpcloud ldap service

      Description

      In NiFi 1.5, START_TLS in combination with LDAP will allow any password during auth.

      This has to do with the login portion of the LDAP integration and not the groups aspect.

      START_TLS accepts any password (huge security hole!)

      LDAPS, SIMPLE will not allow any password

      Strange!
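A configuration check a defender could run against this ticket, as an added example that is not part of the original report or of NiFi's code: it reads a `login-identity-providers.xml` and flags LDAP providers that use the START_TLS authentication strategy on the version the ticket lists as affected. The sample file is constructed, the file layout and the `Authentication Strategy` property name are assumed from NiFi's LDAP login provider configuration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a NiFi login-identity-providers.xml (assumed layout).
SAMPLE_CONFIG = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">START_TLS</property>
  </provider>
</loginIdentityProviders>"""

AFFECTED = {(1, 5, 0)}  # "Affects Version/s" on the ticket
FIXED_IN = (1, 6, 0)    # "Fix Version/s" on the ticket

def parse_version(text):
    """Turn '1.5.0' or '1.5.0-SNAPSHOT' into a comparable tuple (1, 5, 0)."""
    parts = [int(p) for p in text.strip().split("-")[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def ldap_strategies(config_xml):
    """Return {provider identifier: Authentication Strategy} for LDAP providers."""
    found = {}
    for provider in ET.fromstring(config_xml).iter("provider"):
        if not (provider.findtext("class") or "").strip().endswith("LdapProvider"):
            continue
        ident = (provider.findtext("identifier") or "").strip()
        props = {p.get("name"): (p.text or "").strip()
                 for p in provider.iter("property")}
        found[ident] = props.get("Authentication Strategy", "").upper()
    return found

def audit(config_xml, nifi_version):
    """Classify each LDAP provider against the versions listed on NIFI-4945."""
    version = parse_version(nifi_version)
    results = {}
    for ident, strategy in ldap_strategies(config_xml).items():
        if strategy != "START_TLS":
            results[ident] = "not START_TLS"
        elif version >= FIXED_IN:
            results[ident] = "START_TLS on fixed version"
        elif version in AFFECTED:
            results[ident] = "AFFECTED: fixed in 1.6.0"
        else:
            # The ticket names only 1.5.0; older releases are not classified here.
            results[ident] = "START_TLS on a version the ticket does not list"
    return results

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "1.5.0"))
```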

              People

              • Assignee: Matt Gilman (mcgilman)
              • Reporter: Matthew Elder (dreamcodez)
              • Votes: 0
              • Watchers: 3

                Dates

                • Created:
                  Updated:
                  Resolved: