Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-4945

In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.6.0
    • Core Framework
    • alpine docker, openjdk 8, jumpcloud ldp service

    Description

      In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth

       

      This has to do with the login portion of the ldap integration and not the groups aspect.

       

      START_TLS accepts any password (huge security hole!)

      LDAPS,SIMPLE will not allow any password

       

      strange!

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            mcgilman Matt Gilman
            dreamcodez Matthew Elder
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment