[Date Prev][Date Next] [Chronological] [Thread] [Top]

Security issue : userPassword is shown

To: openldap-technical@openldap.org
Subject: Security issue : userPassword is shown
From: Paul Lee <paul@hk.fujitsu.com>
Date: Thu, 23 Oct 2008 09:58:16 +0800
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hi all,

I use a 3rd party LDAP browser to browse the users that I created. I can see the userPassword clearly (plain text).

Is there any way to avoid this ?

When I use slapcat command to export to LDIF file, the userPassword field is encrypted, but why using 3rd party browser will show the password in plain text ?

Thanks

Confidential Communication - This e-mail (including any attachments) is confidential and may be legally privileged. If this e-mail has been sent to you by mistake please inform us by reply e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the information in it.

Follow-Ups:
- Re: Security issue : userPassword is shown
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Security issue : userPassword is shown
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: Security issue : userPassword is shown
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Case sensitive uid attribute
Next by Date: Re: Security issue : userPassword is shown
Index(es):
- Chronological
- Thread