  1. Openfire
  2. OF-1873

LDAP password disclosed on admin page

    Details

      Description

      Given

      • I am an Openfire administrator
      • I have my Openfire server set up for LDAP

      Then

      • The LDAP password is sent to the browser in plain text (obscured only by a password field) when I view the LDAP settings

      Marked as minor, as it requires admin console access, although it could be used in another attack to use that credential or egress that password elsewhere.
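
A check that a tester or CI job could run over the rendered settings page to catch the behaviour described in this ticket. It is an added example, not Openfire code and not part of the ticket: it flags password inputs whose `value` attribute is populated by the server. The field names, both sample pages and the "unchanged" sentinel are constructed assumptions.

```python
from html.parser import HTMLParser

SAMPLE_SECRET = "S3cr3t-constructed"   # constructed value, not a real credential
SENTINEL = "__unchanged__"             # hypothetical marker meaning "keep stored password"

# Constructed page: the stored secret is echoed into the form (the reported behaviour).
VULNERABLE_PAGE = f"""
<form method="post">
  <input type="text" name="host" value="ldap.example.test">
  <input type="password" name="bindPassword" value="{SAMPLE_SECRET}">
</form>"""

# Constructed page: the server renders only a sentinel and never the stored secret.
HARDENED_PAGE = f"""
<form method="post">
  <input type="text" name="host" value="ldap.example.test">
  <input type="password" name="bindPassword" value="{SENTINEL}" autocomplete="off"/>
</form>"""


class PrefilledSecretFinder(HTMLParser):
    """Collect password inputs that arrive from the server with a real value."""

    def __init__(self, placeholders=()):
        super().__init__()
        self.placeholders = set(placeholders)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() != "password":
            return
        value = a.get("value", "")
        if value and value not in self.placeholders:
            # Record the field name and length only, never the secret itself.
            self.findings.append((a.get("name") or a.get("id") or "?", len(value)))


def find_prefilled_secrets(html, placeholders=()):
    finder = PrefilledSecretFinder(placeholders)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("vulnerable:", find_prefilled_secrets(VULNERABLE_PAGE))
    print("hardened:  ", find_prefilled_secrets(HARDENED_PAGE, {SENTINEL}))
```

With the sentinel approach, the server side treats a submitted sentinel as "leave the stored password untouched" and only overwrites it when a different value is posted.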

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            danc_surevine Dan Caseley