CVE-2022-0996 - User with expired password can still log in with full privileges ...
author: Mark Reynolds <mreynolds@redhat.com>
Thu, 3 Mar 2022 21:29:41 +0000 (16:29 -0500)
committer: Andrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
commit: 4aa179339f804d46cdc899679f6ebb72318b8748
tree: 35ed68f4551f6c08e3a52f4dd6e3441106d81f3e
parent: 9e4defbd62eee152ac4dc520e1f0923add7ed18f
CVE-2022-0996 - User with expired password can still log in with full privileges - Issue 5221

Bug Description:

A user with an expired password can still log in and perform operations
with its typical access permissions.  But an expired password means the
account should be considered anonymous.

Fix Description:

Clear the bind credentials if the password is expired

relates: https://github.com/389ds/389-ds-base/issues/5221

Reviewed by: progier (Thanks!)

Origin: upstream, commit:8b2c56123118ba02bb15e3091d2ae62d46df7ba5

Gbp-Pq: Name CVE-2022-0996-User-with-expired-password-full-priv.patch
dirsrvtests/tests/suites/password/pw_expired_access_test.py [new file with mode: 0644]
ldap/servers/slapd/pw_mgmt.c
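The bug and fix described in the commit message, modelled in a deliberately simplified bind handler. This is an added example written for this page, not code from 389-ds-base or from the commit; the `user_t`/`conn_t` types, `do_bind`, the helper functions and the sample account `uid=alice,...` are all constructed for illustration. The vulnerable variant reports "password expired" but leaves the verified identity attached to the connection, so every later operation runs with the user's full access rights; the fixed variant clears the bind credentials on expiry, so the connection carries on as anonymous, which is what the commit's fix description calls for.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical account record (not a 389-ds structure). A real server
 * stores a password hash; the cleartext field is only for illustration. */
typedef struct {
    const char *dn;
    const char *password;
    time_t pw_expires;      /* 0 = never expires */
} user_t;

/* Hypothetical per-connection state: the identity later operations act as. */
typedef struct {
    char bind_dn[128];      /* "" means the connection is anonymous */
} conn_t;

enum bind_result { BIND_OK, BIND_INVALID_CREDENTIALS, BIND_PASSWORD_EXPIRED };

/* Sample account constructed for this example. Its password expired at t=1000. */
static const user_t SAMPLE_USER = {
    "uid=alice,ou=people,dc=example,dc=com", "s3cret", 1000
};

static void clear_bind(conn_t *c) { c->bind_dn[0] = '\0'; }

static bool password_expired(const user_t *u, time_t now)
{
    return u->pw_expires != 0 && now >= u->pw_expires;
}

/* Simple-bind logic shared by both variants. With fixed == false an expired
 * password is reported to the client but the credentials stay attached to
 * the connection (the vulnerable behaviour). With fixed == true the bind
 * credentials are cleared, so the connection continues as anonymous. */
static enum bind_result do_bind(conn_t *c, const user_t *u, const char *dn,
                                const char *pw, time_t now, bool fixed)
{
    clear_bind(c);  /* a new bind always discards the previous identity */

    /* strcmp is used for brevity; real credential checks compare hashes. */
    if (strcmp(dn, u->dn) != 0 || strcmp(pw, u->password) != 0)
        return BIND_INVALID_CREDENTIALS;   /* connection stays anonymous */

    /* Credentials verified: record the identity on the connection. */
    strncpy(c->bind_dn, u->dn, sizeof c->bind_dn - 1);
    c->bind_dn[sizeof c->bind_dn - 1] = '\0';

    if (password_expired(u, now)) {
        if (fixed)
            clear_bind(c);   /* the fix: expired password => anonymous */
        return BIND_PASSWORD_EXPIRED;
    }
    return BIND_OK;
}

/* The identity the server would use for the connection's next operation. */
const char *effective_identity(const conn_t *c)
{
    return c->bind_dn[0] ? c->bind_dn : "anonymous";
}

/* Run one bind against the sample account on a single demo connection. */
static conn_t demo_conn;

int bind_result(bool fixed, const char *pw, time_t now)
{
    return (int)do_bind(&demo_conn, &SAMPLE_USER, SAMPLE_USER.dn, pw, now, fixed);
}

const char *identity_after_bind(bool fixed, const char *pw, time_t now)
{
    bind_result(fixed, pw, now);
    return effective_identity(&demo_conn);
}

int main(void)
{
    /* Same correct password, same expired account, t=2000 > expiry. */
    printf("vulnerable: identity after expired bind = %s\n",
           identity_after_bind(false, "s3cret", 2000));
    printf("fixed:      identity after expired bind = %s\n",
           identity_after_bind(true, "s3cret", 2000));
    return 0;
}
```

Both variants return BIND_PASSWORD_EXPIRED to the client, so the difference is invisible in the bind response itself; it only shows in what the connection is allowed to do afterwards. That is why a test for this class of bug has to bind with the expired credentials and then attempt a privileged operation on the same connection, as the commit's new `pw_expired_access_test.py` suite name suggests, rather than only checking the bind result code.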