New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unexpected info returned to ldap request #4480
Comments
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: 389ds#4480
Reviewed by:
Platforms tested: F31
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: 389ds#4480
Reviewed by: William Brown, Viktor Ashirov
Platforms tested: F31
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: 389ds#4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: #4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: #4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: #4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
|
@tbordaz - does this also apply to 1.3.10 (RHEL 7.9)? |
|
@mreynolds389 no it does not apply to 1.3.10 (RHEL 7.9) branch. |
Error reporting of 389ds was changed in 389ds/389-ds-base#4480 to return no additional information about a failing bind (to avoid leaking information). As a consequence, when an unauthorized user tries to perform administrative task on IPA server the error message contains less info. The assertion was changed to accept old and new variants of error message.
Is there reference #49476 above correct. Trying to check which Debian releases are currently affected by this issue. |
@tbordaz: thank you! So we (in Debian) need to only additionally check the 1.4.0.21-1 version we have. Older suites have 1.3.x based and the current unstable was updated to 1.4.4.10 which has the fix. |
|
@carnil will the 1.4.4.x updates be put into current stable? It would be good to see debian updated here. Thanks, |
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: #4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
Issue Description
A ldap result can contain additional information. Such information should not allow a client application to guess if an entry exists or not
Package Version and Platform:
This bug impacts all release after 1.4.2.3
Steps to Reproduce
to be provided with an automatic testcase
Expected results
A ldap request should not provide any tips if an entry exists or not
The text was updated successfully, but these errors were encountered: