[PATCH] Issue 5221 - User with expired password can still login with full privileges
author: Mark Reynolds <mreynolds@redhat.com>
Thu, 3 Mar 2022 21:29:41 +0000 (16:29 -0500)
committer: Anton Gladky <gladk@debian.org>
Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)
commit: 5ca00325c1d241c977c025a61288467eba1ffad3
tree: 2790aa86b05513c33cd1f9baf7737eff296ddc9b
parent: 02565f1a42641ac3aacc9631bf3d3708112f69cd

Bug Description:

A user with an expired password can still login and perform operations
with its typical access permissions.  But an expired password means the
account should be considered anonymous.

Fix Description:

Clear the bind credentials if the password is expired

relates: https://github.com/389ds/389-ds-base/issues/5221

Reviewed by: progier (Thanks!)

Gbp-Pq: Name CVE-2022-0996.patch
dirsrvtests/tests/suites/password/pw_expired_access_test.py [new file with mode: 0644]
ldap/servers/slapd/pw_mgmt.c