[JENKINS-73806] [ldap plugin] Do not allow users to authenticate with short passwords in FIPS compliant environments

    • Type: Task
    • Resolution: Done
    • Priority: Minor
    • Component: ldap-plugin

      When Jenkins is running in FIPS mode (see JEP https://github.com/jenkinsci/jep/tree/master/jep/237) and configured to use an LDAP server for authentication, it should not allow users to log in with short (<112 bit aka 14 character) passwords.

      However, a user is able to log in as long as the LDAP server says the password is OK.

      Jenkins should refuse to authenticate users whose passwords are shorter than 14 characters when in FIPS mode.
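
The gap described above, next to the requested check, as an added example that is not the ldap plugin's own code. `LdapBind` and the `fipsMode` parameter are hypothetical stand-ins for the plugin's bind call and for Jenkins' FIPS mode setting, and the directory contents are constructed.

```java
import java.util.Map;

public class FipsLdapGate {
    /** Minimum password length the issue asks for in FIPS mode. */
    static final int FIPS_MIN_PASSWORD_LENGTH = 14;

    /** Hypothetical stand-in for the LDAP bind; true means the server accepted the password. */
    interface LdapBind {
        boolean bind(String user, String password);
    }

    /** Reported behaviour: the LDAP server's answer is the only check. */
    static boolean authenticateBefore(LdapBind ldap, String user, String password) {
        return ldap.bind(user, password);
    }

    /** Requested behaviour: in FIPS mode a short password is refused before any bind. */
    static boolean authenticateAfter(LdapBind ldap, boolean fipsMode, String user, String password) {
        if (password == null) {
            return false;
        }
        if (fipsMode && password.length() < FIPS_MIN_PASSWORD_LENGTH) {
            // Refused locally: the credential is never sent to the directory,
            // so a password the server would accept still fails here.
            return false;
        }
        return ldap.bind(user, password);
    }

    public static void main(String[] args) {
        // Constructed directory contents, for the demonstration only.
        Map<String, String> directory = Map.of(
                "alice", "short-pw",
                "bob", "a-much-longer-passphrase");
        LdapBind ldap = (user, password) -> password.equals(directory.get(user));

        System.out.println("before, short password:         "
                + authenticateBefore(ldap, "alice", "short-pw"));
        System.out.println("after, FIPS on, short password: "
                + authenticateAfter(ldap, true, "alice", "short-pw"));
        System.out.println("after, FIPS on, long password:  "
                + authenticateAfter(ldap, true, "bob", "a-much-longer-passphrase"));
        System.out.println("after, FIPS off, short password: "
                + authenticateAfter(ldap, false, "alice", "short-pw"));
    }
}
```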

          Boris Yao created issue -
          Boris Yao made changes -
          Assignee New: Boris Yao [ borisyaoa ]
          Boris Yao made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 30010 ]
          Andra Maria Puscas made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Andra Maria Puscas made changes -
          Status Original: In Progress [ 3 ] New: Open [ 1 ]
          Boris Yao made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Boris Yao made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Boris Yao made changes -
          Resolution New: Done [ 10000 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Boris Yao made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]

            Assignee: Boris Yao (borisyaoa)
            Reporter: Boris Yao (borisyaoa)