Loading...

XML

Word

Printable

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.2.0, 7.2.0-alpha5
Affects Version/s: None
Component/s: engine
Labels:
- AD
- EasyPick

When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.

When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.

public void testLdapLoginEmptyPassword()

{ assertFalse(identityService.checkPassword("roman", "")); }

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

stacktrace.txt
4 kB
15/Sep/14 1:09 PM
LdapLoginTest.java
1 kB
15/Sep/14 1:09 PM

is related to

CAM-2695 Improve robustness of LDAP integration

Closed

CAM-2391 I can not edit, delete or add users to groups with a backslash in the group ID

Closed

Assignee:: Sebastian Menski
Reporter:: Masroor Ahmad
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 15/Sep/14 1:09 PM
Updated:: 30/Sep/14 3:09 PM
Resolved:: 16/Sep/14 11:18 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Salesforce