Jean-Baptiste Onofré created KARAF-4892:
-------------------------------------------
Summary: Encode username in LDAPLoginModule to avoid "code"
injection
Key: KARAF-4892
URL: https://issues.apache.org/jira/browse/KARAF-4892
Project: Karaf
Issue Type: Bug
Components: karaf-security
Reporter: Jean-Baptiste Onofré
Assignee: Jean-Baptiste Onofré
Fix For: 4.1.0, 4.0.8
A malicious user can inject "LDAP" code in the username, causing bad behavior
in the LDAP login module.
To prevent this, the LDAP login module should encode the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
