Chrome browser username autofill adds username as bindName in LDAP

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • None
    • Jenkins 1.580 on CentOs
      ActiveDirectory plugin 1.39
      Chrome browser ver 43.0.235

      Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
      ActiveDirectory plugin 2.4
      Chrome browser ver 57.0.2987.133

      Jenkins 2.46.2
      AD plugin 2.4

      Chrome's auto-fill populates the username and password of any user who has logged in to Jenkins into the 'bindName', 'bindPassword' fields in the Advanced section of 'Active Directory' under Configure Global Security.

      As a result, on saving this (without noticing), no users are able to log in.

      The only way to fix this was to manually edit the config.xml to remove the erroneous <bindName> and restart the Jenkins instance.

      I am calling this a bug due to the disruptive nature of the issue (which called for a restart of the Jenkins service).

      This happens silently as the 'Advanced fields' are not expanded and thus not seen by default.

      Autocomplete/autopopulate should be blocked for the fields in the Active Directory plugin to prevent such cases.

      Thanks
      Taher .
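
A read-only check for the failure described in this report, as an added example that is not part of the original issue or of the Jenkins project's code: it scans the text of a Jenkins config.xml for `<bindName>` values under the security realm that are not on the administrator's expected list. The sample XML, its element layout other than `<bindName>`, the class name and the account names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the <bindName> element is named in the report;
# the surrounding layout, class name and values are assumptions.
SAMPLE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <securityRealm class="example.ActiveDirectorySecurityRealm">
    <domain>corp.example.com</domain>
    <bindName>jdoe</bindName>
    <bindPassword>{placeholder-encrypted-value}</bindPassword>
  </securityRealm>
</hudson>
"""


def audit_bind_names(config_xml, expected_bind_names=()):
    """Return findings for <bindName> values the administrator did not intend.

    expected_bind_names lists the bind accounts that are supposed to be
    configured; leave it empty if no bind account should be set at all.
    """
    root = ET.fromstring(config_xml)
    realm = root.find("securityRealm")
    if realm is None:
        return []  # no security realm in this file, nothing to audit
    expected = {name.strip().lower() for name in expected_bind_names}
    findings = []
    # iter() walks every descendant, so the check works whether <bindName>
    # sits directly under <securityRealm> or inside nested elements.
    for elem in realm.iter("bindName"):
        value = (elem.text or "").strip()
        if value and value.lower() not in expected:
            findings.append(f"unexpected bindName {value!r} in securityRealm")
    return findings


if __name__ == "__main__":
    # Constructed service-account name standing in for the intended bind user.
    for finding in audit_bind_names(SAMPLE_CONFIG, ["svc-jenkins@corp.example.com"]):
        print(finding)
```

Running it against a copy of config.xml after each change to Configure Global Security surfaces an autofilled value before it locks users out.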

          [JENKINS-29280] Chrome browser username autofill adds username as bindName in LDAP

          Taher K F created issue -
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 164150 ] New: JNJira + In-Review [ 181528 ]
          Andrew Bayer made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Mayestril made changes -
          Resolution Original: Fixed [ 1 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]
          Fabrizio Cucci made changes -
          Priority Original: Minor [ 4 ] New: Major [ 3 ]
          Fabrizio Cucci made changes -
          Comment [ Unfortunately, it happened to me as well and, in my opinion, the severity of this issue should be raised. It can't be acceptable to be locked out only for having the auto-fill enabled in the browser.

          Jenkins 2.46.2

          Chrome 58.0.3029.110

          LDAP Plugin 1.15 ]
          Fabrizio Cucci made changes -
          Priority Original: Major [ 3 ] New: Minor [ 4 ]
          Laura Phelan made changes -
          Environment Original: Jenkins 1.580 on CentOs
          ActiveDirectory plugin 1.39
          Chrome browser ver 43.0.235
          New: Jenkins 1.580 on CentOs
          ActiveDirectory plugin 1.39
          Chrome browser ver 43.0.235

          Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
          ActiveDirectory plugin 2.4
          Chrome browser ver 57.0.2987.133

          Laura Phelan made changes -
          Environment Original: Jenkins 1.580 on CentOs
          ActiveDirectory plugin 1.39
          Chrome browser ver 43.0.235

          Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
          ActiveDirectory plugin 2.4
          Chrome browser ver 57.0.2987.133

          New: Jenkins 1.580 on CentOs
          ActiveDirectory plugin 1.39
          Chrome browser ver 43.0.235

          Jenkins 2.46.1 on Ubuntu 16.04.2 LTS
          ActiveDirectory plugin 2.4
          Chrome browser ver 57.0.2987.133

          Jenkins 2.46.2
          AD plugin 2.4

            Assignee: Unassigned
            Reporter: Taher K F (taherkf)
            Votes: 13
            Watchers: 17
