SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
MantisBT - Endian Firewall | ||||||||||
View Issue Details | ||||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||||
0004291 | Endian Firewall | OpenVPN Client and Server | public | 2012-03-05 13:46 | 2012-07-09 09:21 | |||||
Reporter | atlaware | |||||||||
Assigned To | lorenzo-endian | |||||||||
Priority | normal | Severity | major | Reproducibility | always | |||||
Status | feedback | Resolution | reopened | |||||||
Platform | OS | OS Version | ||||||||
Product Version | 2.4.1 | |||||||||
Target Version | Fixed in Version | |||||||||
Customer Importance | ||||||||||
Customer Occurrences | ||||||||||
Queue | ||||||||||
Summary | 0004291: openvpn ldap authentication success with BLANK password and existing username | |||||||||
Description | Hi, with openvpn configured with ldap authentication (https://endian.zendesk.com/entries/20655202-ssl-vpn-how-to-authenticate-vpn-users-with-active-directory [^]) login has success with blank password and correct username (existing). If username or password are wrong, login gives an authentication error, but if username is correct and password is empty authentication success. I have tested with 2.4.1 but another user has found the same bug in 2.5.0 (https://endian.zendesk.com/entries/20655202-ssl-vpn-how-to-authenticate-vpn-users-with-active-directory [^]) <- see comments setting file attached. | |||||||||
Steps To Reproduce | ||||||||||
Additional Information | A temporary solution (grab from user jesus christ in endian forum) is to add this code: if password =='': logger.info ("FAILED to authenticate user '% s'."% (username)) unlink (filename) sys.exit (1) befor line: "authBy = authenticate(username, password)" in file /usr/bin/openvpn-auth or this for 2.5.0 version: if password == '': logger.info("FAILED to authenticate user '%s'." % (username)) return 1 But the problem is in auth ldap module that return true login without password. | |||||||||
Tags | No tags attached. | |||||||||
Relationships |
| |||||||||
Attached Files | ![]() https://bugs.endian.com/file_download.php?file_id=918&type=bug | |||||||||
Issue History | ||||||||||
Date Modified | Username | Field | Change | |||||||
2012-03-05 13:46 | atlaware | New Issue | ||||||||
2012-03-05 13:46 | atlaware | File Added: settings.txt | ||||||||
2012-04-02 09:37 | christian-endian | Status | new => resolved | |||||||
2012-04-02 09:37 | christian-endian | Resolution | open => fixed | |||||||
2012-04-02 09:37 | christian-endian | Assigned To | => christian-endian | |||||||
2012-06-13 14:53 | lorenzo-endian | Assigned To | christian-endian => lorenzo-endian | |||||||
2012-06-13 14:53 | lorenzo-endian | Note Added: 0007912 | ||||||||
2012-06-13 14:53 | lorenzo-endian | Status | resolved => feedback | |||||||
2012-06-13 14:53 | lorenzo-endian | Resolution | fixed => reopened | |||||||
2012-07-09 08:22 | daniele-endian | Relationship added | child of 0004349 | |||||||
2012-07-09 08:23 | daniele-endian | Relationship deleted | child of 0004349 | |||||||
2012-07-09 09:21 | daniele-endian | Relationship added | parent of 0004349 |
Notes | |||||
|
|||||
|
|