#555 ✓resolved
Desaules

vulnerability with ldap authentication

Reported by Desaules | April 13th, 2012 @ 08:13 AM | in Rundeck 1.4.3 (closed)

  • Issue Type: Bug
  • Rundeck version: 1.4.2

Issue: vulnerability using ldap authentication

When an user is connect one time with the good login/pass,
anyone can connect to the web gui using the same login with any pass
oO and have all the user power...


Reproduce: (Enter steps to reproduce bug here.)
1- Connect the web GUI one user on the Computer1 with good credential
2- try to connect the same user with any pass on the Computer2
3- It will work with any password oO

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

People watching this ticket

Pages