[jira] [Commented] (CLOUDSTACK-9369) Security issue! Local login open with SAML implementation

Fri, 17 Mar 2017 01:24:08 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15929574#comment-15929574
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9369:
--------------------------------------------

GitHub user karuturi opened a pull request:

    https://github.com/apache/cloudstack/pull/2009

    CLOUDSTACK-9369 Fixed Ldap regression

    Ldap auto creation of accounts is broken due to the security fix for
    CLOUDSTACK-9369.
    There was an explicit check to not allow login incase the
    user doesnt exist.  removed the same.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Accelerite/cloudstack CLOUDSTACK-9369

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/2009.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2009
    
----
commit e2efebadaa9d7e7ec7be3f9638f48c7b97394f5e
Author: Rajani Karuturi <[email protected]>
Date:   2017-02-09T18:43:13Z

    Bug-ID:CLOUDSTACK-9369 Fixed Ldap regression
    
    Ldap auto creation of accounts is broken due to the security fix for
    CLOUDSTACK-9369.
    There was an explicit check to not allow login incase the
    user doesnt exist.  removed the same.

----


> Security issue! Local login open with SAML implementation
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-9369
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9369
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: SAML
>    Affects Versions: 4.5.2, 4.6.2, 4.7.1, 4.8.0
>         Environment: ACS 4.5.2
> XS 6.2/6.5
>            Reporter: Cyrano Rizzo
>            Assignee: Rajani Karuturi
>            Priority: Critical
>              Labels: login, loginmodule, saml
>         Attachments: 
> 4.5-CLOUDSTACK-9369-Restrict-default-login-to-ldap-nativ.patch, 
> 4.7plus-CLOUDSTACK-9369-Restrict-default-login-to-ldap-nativ.patch, 
> master-CLOUDSTACK-9369-Restrict-default-login-to-ldap-nativ.patch
>
>   Original Estimate: 8h
>  Remaining Estimate: 8h
>
> All SAML enabled accounts can login localy with any password



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to