I have tested secret manager, and I have the same problem, when you select RADIUS or LDAP, the valid user can login with valid or invalid password, is it a important bug.
Local users are working ok.
And this project is discontinued ? The tool is wonderful for IT
Thanks in advance.
Victor
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have tested secret manager, and I have the same problem, when you select RADIUS or LDAP, the valid user can login with valid or invalid password, is it a important bug.
Local users are working ok.
And this project is discontinued ? The tool is wonderful for IT
Status: open
Milestone: 0.1
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Oct 16, 2015 11:32 AM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've observed a security issue. If I select RADIUS or LDAP, I just need to inform my user (created in Secret Manager) and the tool performs the login. If I select Password Authentication method, I need to inform my user as well as its password.
I have tested secret manager, and I have the same problem, when you select RADIUS or LDAP, the valid user can login with valid or invalid password, is it a important bug.
Local users are working ok.
And this project is discontinued ? The tool is wonderful for IT
Status: open
Milestone: 0.1
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Oct 16, 2015 11:32 AM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've observed a security issue. If I select RADIUS or LDAP, I just need to inform my user (created in Secret Manager) and the tool performs the login. If I select Password Authentication method, I need to inform my user as well as its password.
Status: open
Milestone: 0.1
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Mar 03, 2017 04:57 PM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've observed a security issue. If I select RADIUS or LDAP, I just need to inform my user (created in Secret Manager) and the tool performs the login. If I select Password Authentication method, I need to inform my user as well as its password.
Le 5 mars 2017 à 20:32, Pierre-Luc MARY pl_mary@users.sf.net
a écrit :
Hi Victor,
SecretManager not dead, but sleep ;o)
Ok, I will make test for understand this problem.
See you soon.
Le 3 mars 2017 à 17:57, Victor Franco
victorfr1818@users.sf.net victorfr1818@users.sf.net a
écrit :
Hi Pierre,
I have tested secret manager, and I have the same problem,
when you select RADIUS or LDAP, the valid user can login
with valid or invalid password, is it a important bug.
Local users are working ok.
And this project is discontinued ? The tool is wonderful
for IT
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Oct 16, 2015 11:32 AM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've
observed a security issue. If I select RADIUS or LDAP, I
just need to inform my user (created in Secret Manager) and
the tool performs the login. If I select Password
Authentication method, I need to inform my user as well as
its password.
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Mar 03, 2017 04:57 PM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've
observed a security issue. If I select RADIUS or LDAP, I
just need to inform my user (created in Secret Manager) and
the tool performs the login. If I select Password
Authentication method, I need to inform my user as well as
its password.
Created: Tue Oct 13, 2015 10:03 PM UTC by
Gleison Baioco
Last Updated: Fri Mar 03, 2017 04:57 PM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've
observed a security issue. If I select RADIUS or LDAP, I just
need to inform my user (created in Secret Manager) and the
tool performs the login. If I select Password Authentication
method, I need to inform my user as well as its password.
</body>
</html> [tickets:#30] Security Issue in Authentication
Status: open
Milestone: 0.1
Created: Tue Oct 13, 2015 10:03 PM UTC by Gleison Baioco
Last Updated: Fri Mar 03, 2017 04:57 PM UTC
Owner: nobody
Hi Pierre-Luc MARY,
I've tryed LDAP and RADIUS authentication methods and I've observed a security issue. If I select RADIUS or LDAP, I just need to inform my user (created in Secret Manager) and the tool performs the login. If I select Password Authentication method, I need to inform my user as well as its password.
I'm not sure to understand your words. When you're select RADIUS or LDAP, you don't give a PASSWORD and you can connect in SecretManager. It's right ?
Hi Pierre,
I have tested secret manager, and I have the same problem, when you select RADIUS or LDAP, the valid user can login with valid or invalid password, is it a important bug.
Local users are working ok.
And this project is discontinued ? The tool is wonderful for IT
Thanks in advance.
Victor
Hi Victor,
SecretManager not dead, but sleep ;o)
Ok, I will make test for understand this problem.
See you soon.
Hello Victor,
Could you test my modifications ?
Install the following files :
{SECRET_MANAGER}/Libraries/Class_IICA_Authentifications_PDO.inc.php
{SECRET_MANAGER}/SM-preferences.php
Thanks for advance.
Pierre-Luc
Hello,
I put a new version in fiew hours
Pierre-Luc MARY
Related
Tickets: #30
Last edit: Victor Franco 2017-11-12
Hi pierre,
I couldn't test before, sorry
I have tested and exist a problem with integrity files, is a security system that you have to avoid modification of files.
How to resolve it:
(./SM-preferences.php
Libraries/Class_Security.inc.php
Libraries/Class_HTML.inc.php
Libraries/Class_IICA_Authentications_PDO.inc.php)
Thanks in advance.
Br Victor