Details
- Change Request
- Resolution: Unresolved
- Minor
- None
- 3.0.25, 4.0.5
- None
Description
- Enter the wrong username and any password - Login name or password is incorrect
- Enter correct username and wrong password - Cannot bind to LDAP server.
In that way, the attacker can identify active usernames.
Additionally, it would be nice to provide separate error messages, for an expired password as an example.
```php
public function getError() {
	$error = parent::getError();

	$messages = [
		CLdap::ERR_PHP_EXTENSION => _('PHP LDAP extension missing.'),
		CLdap::ERR_SERVER_UNAVAILABLE => _('Cannot connect to LDAP server.'),
		CLdap::ERR_BIND_FAILED => _('Cannot bind to LDAP server.'),
		CLdap::ERR_BIND_ANON_FAILED => _('Cannot bind anonymously to LDAP server.'),
		CLdap::ERR_USER_NOT_FOUND => _('Login name or password is incorrect.'),
		CLdap::ERR_OPT_PROTOCOL_FAILED => _('Setting LDAP protocol failed.'),
		CLdap::ERR_OPT_TLS_FAILED => _('Starting TLS failed.'),
		CLdap::ERR_OPT_REFERRALS_FAILED => _('Setting LDAP referrals to "Off" failed.'),
		CLdap::ERR_OPT_DEREF_FAILED => _('Setting LDAP dereferencing mode failed.')
	];
```
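
One way to close the difference described above, as an added example (not Zabbix code; the class, constants, function name and the fallback message are hypothetical): both credential failures return the same text to the login form, and the precise reason is written only to the server-side log.

```php
<?php
// Added example, not Zabbix code. All names below are hypothetical.

final class LoginOutcome {
    const OK                 = 0;
    const SERVER_UNAVAILABLE = 1;
    const BIND_FAILED        = 2; // assumed: entry found, password rejected
    const USER_NOT_FOUND     = 3; // assumed: search returned no entry
}

/**
 * Text for the login form. Both credential failures share one message, so the
 * response no longer shows whether the username exists; the precise reason is
 * passed to $log for the server-side log only.
 */
function publicLoginMessage(int $outcome, string $username, callable $log): ?string {
    static $credentialFailures = [
        LoginOutcome::BIND_FAILED    => 'password rejected on bind',
        LoginOutcome::USER_NOT_FOUND => 'no matching directory entry',
    ];
    // Replace control characters so a crafted username cannot forge log lines.
    $safeName = preg_replace('/[\x00-\x1F\x7F]/', '?', $username);

    if ($outcome === LoginOutcome::OK) {
        return null;
    }
    if (isset($credentialFailures[$outcome])) {
        $log(sprintf('LDAP login failed for "%s": %s', $safeName, $credentialFailures[$outcome]));
        return 'Login name or password is incorrect.';
    }
    // Infrastructure errors say nothing about the account (constructed text).
    $log(sprintf('LDAP error %d during login of "%s"', $outcome, $safeName));
    return 'LDAP authentication is currently unavailable.';
}

// Constructed attempts: an unknown user, then a known user with a wrong password.
$lines = [];
$log = function (string $line) use (&$lines) { $lines[] = $line; };
$unknown = publicLoginMessage(LoginOutcome::USER_NOT_FOUND, 'nosuchuser', $log);
$known   = publicLoginMessage(LoginOutcome::BIND_FAILED, 'Admin', $log);

var_dump($unknown === $known); // compares the two texts shown on the form
print_r($lines);               // the per-case reason, kept for the server log
```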