Hi, On Mon, Feb 2, 2009 at 9:48 AM, Stefan Woehrer <[email protected]> wrote: > > Hi, > > we just upgraded our XWiki from 1.3.2 to 1.7.1. > Right afterwards the firewall registers LDAP-Packages from the XWiki mashine > as an attack, saying: > > "A malicious LDAP packet may indicate a potential attack. An attacker could > use a modified LDAP message to cause buffer overflows on defective systems > and execute arbitary code. (LDAP message contains malicious data which does > not comply with ASN.1)" > > It seems that it has something to to with the changings made since 1.3.2. Is > that possible?
By default 1.7.1 use the new XWiki LDAP authenticator when 1.3.2 use the old one. See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HLDAPAuthentication Now on the technical details it's using exactly the same Novell ldap client implementation and the differences are more on the XWiki side so I don't see why it would suddenly send wrong datas. > > Greetings, > Steve > -- > View this message in context: > http://n2.nabble.com/LDAP-Login-changes-in-new-version-tp2257004p2257004.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
