Displaying 2 results from an estimated 2 matches for "6a7c3035".
2007 Dec 20
1
Security hole #4: Specific LDAP + auth cache configuration may mix up user logins
Somehow I doubt there are any Dovecot setups left that unknowingly have
this problem, but it still counts as a security hole. The possibility to
cause this problem exists in Dovecot v1.0.rc11 and later.
If you use:
1. passdb ldap with settings:
- auth_bind = yes
- auth_bind_userdn = no
- base containing %variables required for unique user identification,
e.g. base = dc=%d,dc=org
-
2007 Dec 20
1
Security hole #4: Specific LDAP + auth cache configuration may mix up user logins
Somehow I doubt there are any Dovecot setups left that unknowingly have
this problem, but it still counts as a security hole. The possibility to
cause this problem exists in Dovecot v1.0.rc11 and later.
If you use:
1. passdb ldap with settings:
- auth_bind = yes
- auth_bind_userdn = no
- base containing %variables required for unique user identification,
e.g. base = dc=%d,dc=org
-