You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2016/12/12 13:20:58 UTC
[jira] [Created] (KARAF-4892) Encode username in LDAPLoginModule to
avoid "code" injection
Jean-Baptiste Onofré created KARAF-4892:
-------------------------------------------
Summary: Encode username in LDAPLoginModule to avoid "code" injection
Key: KARAF-4892
URL: https://issues.apache.org/jira/browse/KARAF-4892
Project: Karaf
Issue Type: Bug
Components: karaf-security
Reporter: Jean-Baptiste Onofré
Assignee: Jean-Baptiste Onofré
Fix For: 4.1.0, 4.0.8
A malicious user can inject "LDAP" code in the username, causing bad behavior in the LDAP login module.
To prevent this, the LDAP login module should encode the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)