|
From: | David García |
Subject: | [Dolibarr-bugtrack] LDAP Validation - Bug - Can Enter with blank password |
Date: | Wed, 29 Jan 2014 10:29:47 -0000 |
Hello! I have this problem in Dolibarr 3.4.1 y 3.5.0 but I have read in the forums that is an old bug. If I put LDAP validation in my conf.php, Dolibarr does: 1) If you type an incorrect password - you will be barred. 2) If you type the correct password - you will be given access. 3) If you leave the password blank - you will be given access. The problem is 3). How can be possible??? I have searched in forums and find another person with the same problem, without answer: http://www.dolibarr.org/forum/527-bugs-on-a-stable-version/20839-ldap-module-does-not-check-password http://www.dolibarr.org/forum/527-bugs-on-a-stable-version/23597-v334-ldap-security-problem#23597 I really need LDAP validation in Dolibarr, but blank passwords are a serious risk. What can I do? Thanks! David P.S. Sorry for my English (I am not natural) |
[Prev in Thread] | Current Thread | [Next in Thread] |