Sonar Plugins

Prevent login with a blank password

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: LDAP-1.2.1
  • Component/s: LDAP
  • Labels:
    None
  • Number of attachments :
    0

Issue Links

relates to

Bug - A problem which impairs or prevents the functions of the product. SONAR-3968 Sonar should not allow any login with a blank password even when this authentication depends on an external system like LDAP

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Julien HENRY added a comment -

See http://docs.oracle.com/javase/jndi/tutorial/ldap/security/simple.html

The protocol automatically converts the authentication to "none" if a password is not supplied.

Show
Julien HENRY added a comment - See http://docs.oracle.com/javase/jndi/tutorial/ldap/security/simple.html The protocol automatically converts the authentication to "none" if a password is not supplied.
Hide
Permalink
Evgeny Mandrikov added a comment -

And in case of server with enabled anonymous access, this will lead to a successful authentication (we check password by using bind).

Show
Evgeny Mandrikov added a comment - And in case of server with enabled anonymous access, this will lead to a successful authentication (we check password by using bind).
Hide
Permalink
Julien HENRY added a comment -

As highlighted by Evgeny the problem only occurs with simple authentication. With the fix authentication will be prevented when password is blank AND using simple authentication.

Show
Julien HENRY added a comment - As highlighted by Evgeny the problem only occurs with simple authentication. With the fix authentication will be prevented when password is blank AND using simple authentication.
Hide
Permalink
Freddy Mallet added a comment -

Manually tested !

Show
Freddy Mallet added a comment - Manually tested !
Hide
Permalink
Julien HENRY added a comment -

IT added

Show
Julien HENRY added a comment - IT added

People

  • Assignee:
    Julien HENRY
    Reporter:
    Freddy Mallet
Vote (1)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved: