00739

Summary: Authentication failure results in PHP error message in addition to auth fail message.
Created: 2006-05-18 14:34
Status: Closed - fixed for 2.1.7
Category: Bug
Assigned:
Priority: 4
Version: 2.1.5
OS: Fedora Core 4/Apache 2.2.2/PHP 5.1.4

Description: When LDAP authentication is in use, an authentication failure where the username is correct but the password is incorrect results in an error message, with the following text, at the top of the page:

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in <path>/scripts/authuser.php on line 126

Warning: Cannot modify header information - headers already sent by (output started at <path>/scripts/authuser.php:126) in <path>/pmwiki.php on line 858

This is a serious bug, in part because it exposes the information that the username is valid.

Note that anonymous binds are permitted for this LDAP server, and that no DN/password has been specified for use by PmWiki in the configuration file.
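
A regression check for this kind of leak, as an added example that is not part of the original report or of PmWiki's code: it parses PHP diagnostics out of a rendered failed-login page and reports whether any of them reveal the directory's answer to the bind or a server-side file path. The function names, the hint list and the "Password required" line in the sample are assumptions made for illustration; the two warnings in the sample are the ones quoted above.

```python
import re

# PHP diagnostic as rendered into a page: "<Level>: <message> in <file> on line <N>"
DIAG_RE = re.compile(
    r"^\s*(Warning|Notice|Fatal error|Parse error):\s+(.+?) in (\S+) on line (\d+)\s*$",
    re.MULTILINE,
)
# Markup PHP wraps around diagnostics when html_errors is enabled.
MARKUP_RE = re.compile(r"</?(?:b|br)\s*/?>", re.IGNORECASE)
# Message fragments that reveal how the LDAP server answered the bind (assumed list).
AUTH_HINTS = ("invalid credentials", "unable to bind")


def find_php_diagnostics(body):
    """Return one dict per PHP diagnostic found in a rendered page body."""
    text = MARKUP_RE.sub("", body)
    found = []
    for level, message, path, line in DIAG_RE.findall(text):
        found.append({
            "level": level,
            "message": message,
            "file": path,
            "line": int(line),
            "reveals_auth_result": any(h in message.lower() for h in AUTH_HINTS),
        })
    return found


def audit_login_failure(body):
    """Summarise what a failed-login page discloses beyond the auth-fail text."""
    diags = find_php_diagnostics(body)
    return {
        "diagnostics": len(diags),
        "files": sorted({d["file"] for d in diags}),
        "reveals_auth_result": any(d["reveals_auth_result"] for d in diags),
    }


# Constructed sample page: the two warnings quoted in this report plus a made-up
# auth-fail line. "<path>" is the report's own placeholder, kept as-is.
SAMPLE_FAILED_LOGIN = (
    "Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in <path>/scripts/authuser.php on line 126\n"
    "Warning: Cannot modify header information - headers already sent by (output started at <path>/scripts/authuser.php:126) in <path>/pmwiki.php on line 858\n"
    "Password required\n"
)

if __name__ == "__main__":
    print(audit_login_failure(SAMPLE_FAILED_LOGIN))
```

A failed-login page that passes this check yields zero diagnostics, whichever part of the credentials was wrong.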

Page last modified on September 10, 2011, at 11:56 AM