We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: Rebind is comparing making this comparison to validate input data:
if password: self.password = password
That condition is false in case of password = '', so the old value of the object will be keep in that case, including case where the bind was correct.
password = ''
This is a potential security hole, since a correct bind followed by a rebind with empty password will complete the binding correctly.
I have changed the way the password is checked to only check if None. #392
The text was updated successfully, but these errors were encountered:
Thanks, will include your fix in the next release of ldap3.
Sorry, something went wrong.
Thanks a lot @cannatag
Fixed in v2.4
authentication=anonymous
authentication=simple
No branches or pull requests
Problem: Rebind is comparing making this comparison to validate input data:
That condition is false in case of
password = ''
, so the old value of the object will be keep in that case, including case where the bind was correct.This is a potential security hole, since a correct bind followed by a rebind with empty password will complete the binding correctly.
I have changed the way the password is checked to only check if None.
#392
The text was updated successfully, but these errors were encountered: