Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73806

[ldap plugin] Do not allow users to authenticate with short passwords in FIPS compliant environments

    • Icon: Task Task
    • Resolution: Done
    • Icon: Minor Minor
    • ldap-plugin
    • None

      When Jenkins is running in FIPS mode (see JEP https://github.com/jenkinsci/jep/tree/master/jep/237) and configured to use an ldap server for authentication it should not allow users to login with short (<112 bit aka 14 character) passwords.

      However a user is able to login as long as the ldap server says the password is ok.

      Jenkins should refuse to authenticate users whose passwords are shorter than 14 characters when in FIPS mode

          [JENKINS-73806] [ldap plugin] Do not allow users to authenticate with short passwords in FIPS compliant environments

          Boris Yao added a comment - - edited

          Boris Yao added a comment - - edited Released here https://github.com/jenkinsci/ldap-plugin/releases/tag/753.v387f5b_3ea_8d0

            borisyaoa Boris Yao
            borisyaoa Boris Yao
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: