Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1873

LDAP password disclosed on admin page

    XMLWordPrintable

    Details

      Description

      Given

      • I am an Openfire adminstrator
      • I have my Openfire server set up for LDAP

      Then

      • The LDAP password is sent to the browser in plain text (obscured only by a password field) when I view the LDAP settings

      Marked as minor, as it requires admin console access, although could be used in another attack to use that credential or egress that password elsewhere.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              guus Guus der Kinderen
              Reporter:
              danc_surevine Dan Caseley
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: