[JENKINS-13159] Active Directory plugin v1.20 and Jenkins v1.456 allows passwordless authentication

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: active-directory-plugin
Labels:
Environment:
CentOS 5.1
X86-64
Java 1.6.0_26

Similar Issues:
Powered by SuggestiMate

Show

When using v1.20 of the Active Directory plugin and the latest version of Jenkins (v1.456 as of submission of this bug report) Jenkins allows for password-less authentication.

I realize that v1.20 is an old version of the plugin but many users (including myself) are not upgrading to the latest version due to known bugs with group based LDAP/AD authentication.

We should put a message/disclaimer on the Active Directory wiki page stating that users should upgrade to the latest version to avoid this issue.

Kohsuke Kawaguchi added a comment - 2012-04-26 20:35

There's already security advisory issued for the AD plugin https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-advisories/9XCq0hd0kgo

Kohsuke Kawaguchi added a comment - 2012-04-26 20:35 There's already security advisory issued for the AD plugin https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-advisories/9XCq0hd0kgo

Assignee:: Unassigned

Reporter:: Youssuf ElKalay

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2012-03-20 17:47

Updated:: 2014-08-28 15:09

Resolved:: 2012-04-26 20:35

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Kohsuke Kawaguchi added a comment - 2012-04-26 20:35

Expand comment: Kohsuke Kawaguchi added a comment - 2012-04-26 20:35

People

Dates