IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity
d80f5e3046
freeipa/daemons
History
Nathaniel McCallum 013e2eae20 Ensure that a password exists after OTP validation 
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would never even get this far in
this code, so we simply deny requests with empty passwords.

This patch resolves CVE-2014-7828.

https://fedorahosted.org/freeipa/ticket/4690

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-11-06 10:56:19 +01:00
..
ipa-kdb ipa-kdb: fix unit tests 2014-09-26 11:28:26 +02:00
ipa-otpd Move ipa-otpd socket directory 2014-02-11 17:36:19 +01:00
ipa-sam ipa-sam: cache gid to sid and uid to sid requests in idmap cache 2014-03-12 12:19:06 +01:00
ipa-slapi-plugins Ensure that a password exists after OTP validation 2014-11-06 10:56:19 +01:00
configure.ac Add OTP last token plugin 2014-02-21 10:26:02 +01:00
ipa-version.h.in Fix typos 2011-09-07 13:20:42 +02:00
Makefile.am Add the krb5/FreeIPA RADIUS companion daemon 2013-05-17 09:30:51 +02:00