A bug in the LDAP Resolver can lead to unauthorized access as an LDAP user. Under certain conditions a rogue user can login as an LDAP user to the privacyIDEA web UI or guess a static password part during authentication when the policy scope=authentication, otppin=userstore is used. Details Preconditions This problem […]
Daily Archives: September 7, 2015
1 post