[Koha-bugs] [Bug 8148] ldap authentication should FAIL if ldap contains NEW password, and user types the PREVIOUS password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu May 24 15:23:08 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8148
Chris Nighswonger <cnighswonger at foundations.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cnighswonger at foundations.ed
| |u
Severity|enhancement |critical
--- Comment #1 from Chris Nighswonger <cnighswonger at foundations.edu> ---
Changing this to critical. It really is a security issue. What if the user's
account is compromised, and the sysadmin believes changing it on the LDAP
server fixes it immediately? At the very least some loud documentation of the
real behavior is in order.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list