[ https://issues.apache.org/jira/browse/NIFI-4945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16393452#comment-16393452 ]

ASF subversion and git services commented on NIFI-4945:
-------------------------------------------------------

Commit 8f6645445578019ecf7a20f6522df0043cefce22 in nifi's branch refs/heads/master from [~mcgilman]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=8f66454 ]

NIFI-4945:
- Upgrading spring security version.

This closes #2524.

Signed-off-by: Andy LoPresto <alopre...@apache.org>

> In Nifi 1.5, START_TLS in combination with LDAP will allow any password
> during auth
> -----------------------------------------------------------------------------------
>
>                 Key: NIFI-4945
>                 URL: https://issues.apache.org/jira/browse/NIFI-4945
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.5.0
>         Environment: alpine docker, openjdk 8, jumpcloud ldp service
>            Reporter: Matthew Elder
>            Assignee: Matt Gilman
>            Priority: Major
>              Labels: ldap, security, tls
>
> In Nifi 1.5, START_TLS in combination with LDAP will allow any password
> during auth
>
> This has to do with the login portion of the ldap integration and not the
> groups aspect.
>
> START_TLS accepts any password (huge security hole!)
> LDAPS,SIMPLE will not allow any password
>
> strange!

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)