Do not allow blank passwords when authenticating against LDAP.
Showing with 6 additions and 0 deletions
We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.
|...||...||@@ -144,6 +144,12 @@ class LdapCommon|
|//NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string|
|//which causes all login attempts that involve a blank password to appear|
|//to succeed. Which is obviously not good.|
|$config = $this->get_ldap_config();|
git.gnu.io is graciously hosted by the Free Software Foundation. https://donate.fsf.org