Matthew Elder created NIFI-4945:
-----------------------------------
Summary: In Nifi 1.5, START_TLS in combination with LDAP will
allow any password during auth
Key: NIFI-4945
URL: https://issues.apache.org/jira/browse/NIFI-4945
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.5.0
Environment: alpine docker, openjdk 8, jumpcloud ldp service
Reporter: Matthew Elder
In Nifi 1.5, START_TLS in combination with LDAP will allow any password during
auth
This has to do with the login portion of the ldap integration and not the
groups aspect.
START_TLS accepts any password (huge security hole!)
LDAPS,SIMPLE will not allow any password
strange!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
