[
https://issues.apache.org/jira/browse/NIFI-4945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16393452#comment-16393452
]
ASF subversion and git services commented on NIFI-4945:
-------------------------------------------------------
Commit 8f6645445578019ecf7a20f6522df0043cefce22 in nifi's branch
refs/heads/master from [~mcgilman]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=8f66454 ]
NIFI-4945:
- Upgrading spring security version.
This closes #2524.
Signed-off-by: Andy LoPresto <alopre...@apache.org>
> In Nifi 1.5, START_TLS in combination with LDAP will allow any password
> during auth
> -----------------------------------------------------------------------------------
>
> Key: NIFI-4945
> URL: https://issues.apache.org/jira/browse/NIFI-4945
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.5.0
> Environment: alpine docker, openjdk 8, jumpcloud ldp service
> Reporter: Matthew Elder
> Assignee: Matt Gilman
> Priority: Major
> Labels: ldap, security, tls
>
> In Nifi 1.5, START_TLS in combination with LDAP will allow any password
> during auth
>
> This has to do with the login portion of the ldap integration and not the
> groups aspect.
>
> START_TLS accepts any password (huge security hole!)
> LDAPS,SIMPLE will not allow any password
>
> strange!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
