You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2016/12/12 13:20:58 UTC

[jira] [Created] (KARAF-4892) Encode username in LDAPLoginModule to avoid "code" injection

Jean-Baptiste Onofré created KARAF-4892:
-------------------------------------------

             Summary: Encode username in LDAPLoginModule to avoid "code" injection
                 Key: KARAF-4892
                 URL: https://issues.apache.org/jira/browse/KARAF-4892
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
            Reporter: Jean-Baptiste Onofré
            Assignee: Jean-Baptiste Onofré
             Fix For: 4.1.0, 4.0.8


A malicious user can inject "LDAP" code in the username, causing bad behavior in the LDAP login module.
To prevent this, the LDAP login module should encode the user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)