freeipa/daemons/ipa-slapi-plugins/ipa-pwd-extop
Nathaniel McCallum 013e2eae20 Ensure that a password exists after OTP validation
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would never even get this far in
this code, so we simply deny requests with empty passwords.

This patch resolves CVE-2014-7828.

https://fedorahosted.org/freeipa/ticket/4690

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-06 10:56:19 +01:00
authcfg.c Teach ipa-pwd-extop to respect global ipaUserAuthType settings 2014-02-21 10:26:02 +01:00
authcfg.h Teach ipa-pwd-extop to respect global ipaUserAuthType settings 2014-02-21 10:26:02 +01:00
common.c Teach ipa-pwd-extop to respect global ipaUserAuthType settings 2014-02-21 10:26:02 +01:00
encoding.c keytabs: Expose and modify key encoding function 2014-06-26 10:30:53 +02:00
ipa_pwd_extop.c Fix getkeytab code to always use implicit tagging. 2014-06-27 10:03:23 +02:00
ipapwd.h keytabs: Expose and modify key encoding function 2014-06-26 10:30:53 +02:00
Makefile.am Teach ipa-pwd-extop to respect global ipaUserAuthType settings 2014-02-21 10:26:02 +01:00
prepost.c Ensure that a password exists after OTP validation 2014-11-06 10:56:19 +01:00
pwd-extop-conf.ldif Enable transactions by default, make password and modrdn TXN-aware 2012-11-21 14:55:12 +01:00
README Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
syncreq.c Change OTPSyncRequest structure to use OctetString 2014-06-25 14:22:01 +02:00
syncreq.h Change OTPSyncRequest structure to use OctetString 2014-06-25 14:22:01 +02:00