Defect #8091

LDAP Authentificaton doesn't verify certificate validity

Added by steven Mr almost 9 years ago. Updated over 8 years ago.

Status:ClosedStart date:2011-04-05
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:LDAP
Target version:-
Resolution:Duplicate Affected version:1.1.2

Description

Security-Bug:
LDAP Authentificaton doesn't verify certificate validity of the LDAP-server-certificate. Connection to the LDAP-Server with LDAPS is established, even if the server name in the certifitcate doesn't match or the certificate authority is not trustful.

Solution: If something is wrong with the certificate, or the certificate authority is not trustful, the connection to the LDAP-Server should be closed and any LDAP-Login should be disabled.


Related issues

Duplicates Redmine - Defect #8068: LDAP Authentificaton doesn't verify certificate validity Closed 2011-04-05

History

#1 Updated by Toshi MARUYAMA almost 9 years ago

  • Category changed from I18n to LDAP

#2 Updated by Etienne Massip almost 9 years ago

Note : not sure it's a true issue report as steven Mr just opened #8090 which is a test issue.

#3 Updated by Tony Edmonds over 8 years ago

  • Status changed from New to Resolved

Duplicate of #8068

#4 Updated by Etienne Massip over 8 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Duplicate

Indeed, thank you.

Also available in: Atom PDF