• Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • Component: ldap-plugin

      With overall read access, an anonymous user can use the top-right search box to find what LDAP users exist.
      Beginning to enter a name will auto-complete it, e.g. "John" auto-completes to "John Doe".

      This gives an anonymous user the opportunity to find the user ids.
      These user ids could then be used to find a user with a weak password.

          [JENKINS-46353] Anonymous user can search for actual users

          Oleg Nenashev added a comment -

          In order to set proper expectations, I have unassigned Kohsuke from this ticket.
          Currently there is no default assignee in the LDAP plugin; any contributions will be appreciated.


            Assignee: Unassigned
            Reporter: Matthias Fuchs (mfuchs)
            Votes: 0
            Watchers: 2
