Lockout policies are not properly applied to LDAP and Domain Users #4579

@TheWitness

Describe the bug

Due to the complexity of the authentication code, the case where LDAP users should have a lockout policy applied was missed. This can cause opportunities for Cacti to be used to compromise LDAP security when the LDAP does not do this for itself.

Expected behavior

Cacti should allow these users to be locked out after a certain number of attempts.

Labels

SECURITY (A security issue reported through CVE), bug (Undesired behaviour)
