[ https://issues.apache.org/jira/browse/NIFI-4945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-4945:
--------------------------------
    Resolution: Fixed
    Fix Version/s: 1.6.0
    Status: Resolved (was: Patch Available)

> In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth
> -----------------------------------------------------------------------------------
>
>                 Key: NIFI-4945
>                 URL: https://issues.apache.org/jira/browse/NIFI-4945
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.5.0
>         Environment: alpine docker, openjdk 8, jumpcloud ldp service
>            Reporter: Matthew Elder
>            Assignee: Matt Gilman
>            Priority: Major
>              Labels: ldap, security, tls
>             Fix For: 1.6.0
>
>
> In Nifi 1.5, START_TLS in combination with LDAP will allow any password during auth
>
> This has to do with the login portion of the ldap integration and not the groups aspect.
>
> START_TLS accepts any password (huge security hole!)
> LDAPS,SIMPLE will not allow any password
>
> strange!

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)