Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.3.11
Affects Version/s: 3.2.7
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 17 (07/15/16), Security (08/08/16)
Linked BF Score:
0
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

With the inclusion of setParameter support for LDAP authn/z parameters it is now technically possible to swap out the entire user database by switching LDAP server.

This is a security event that should be audited. I propose we include an audit entry for all calls to setParameter.

Assignee:: Andreas Nilsson (Inactive)
Reporter:: Andreas Nilsson (Inactive)
Participants:: Andreas Nilsson, Andy Schwerin, Eric Milkie, Githook User
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Jun 24 2016 02:08:08 PM UTC
Updated:: Aug 13 2016 12:07:32 AM UTC
Resolved:: Jul 28 2016 05:41:56 PM UTC

Details

Description

Attachments

Activity

People

Dates