Details
-
Bug Report
-
Resolution: Fixed
-
L3 - Default
-
None
Description
When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.
When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.
public void testLdapLoginEmptyPassword()
{ assertFalse(identityService.checkPassword("roman", "")); }