- Bug
- Resolution: Duplicate
- High
When using the feature 'Delegating Stash authentication to an LDAP directory' with the copy users on login option, users still have the ability to edit their user account details. In effect this presents a vulnerability whereby one user could spoof another by changing their display name and email address to that of the other user.
While this could ultimately be detected by referring to the username associated with an update, this still represents a genuine opportunity for malicious or fraudulent activity to be masked.
We need a fix that ensures that user profile details are fixed/maintained when using this mode in the same way they are when connecting Stash to an existing LDAP Directory and syncing users in a specific user group.
- is duplicated by
  - BSERV-2995 Provide an option to configure auto updating users when using LDAP Delegated Users Directory (Closed)
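An audit for the condition described in this issue, as an added example that is not part of the original report or Atlassian's code: it compares each locally stored profile against the LDAP record for the same username and flags values that have drifted or that now match a different directory user. The record shapes, field names and sample users are assumptions constructed for illustration.

```python
import unicodedata

def norm(value):
    """Fold Unicode form, case and whitespace so look-alike values compare equal."""
    return " ".join(unicodedata.normalize("NFKC", value or "").casefold().split())

def audit_profiles(local_users, directory_users):
    """Return sorted (username, field, finding, value) tuples.

    local_users: list of dicts with name/displayName/emailAddress (assumed shape).
    directory_users: dict of username -> {"displayName", "mail"} read from LDAP
    (assumed shape).
    """
    # Index which directory account legitimately owns each display name / address.
    owners = {"displayName": {}, "mail": {}}
    for username, attrs in directory_users.items():
        for field in owners:
            owners[field].setdefault(norm(attrs.get(field)), set()).add(username)

    findings = []
    for user in local_users:
        name = user["name"]
        ldap = directory_users.get(name, {})
        for local_field, ldap_field in (("displayName", "displayName"),
                                        ("emailAddress", "mail")):
            raw = user.get(local_field, "")
            value = norm(raw)
            if value == norm(ldap.get(ldap_field)):
                continue  # local copy still matches the directory
            # An edited value that belongs to someone else is the spoofing case.
            others = (owners[ldap_field].get(value, set()) - {name}) if value else set()
            kind = "impersonates:" + ",".join(sorted(others)) if others else "drift"
            findings.append((name, local_field, kind, raw))
    return sorted(findings)

# Constructed sample data: mallory has edited her profile to mirror alice's.
LDAP = {
    "alice": {"displayName": "Alice Smith", "mail": "alice@example.com"},
    "bob": {"displayName": "Bob Jones", "mail": "bob@example.com"},
    "mallory": {"displayName": "Mallory Reed", "mail": "mallory@example.com"},
}
LOCAL = [
    {"name": "alice", "displayName": "Alice Smith", "emailAddress": "alice@example.com"},
    {"name": "bob", "displayName": "Bobby Jones", "emailAddress": "bob@example.com"},
    {"name": "mallory", "displayName": "alice  SMITH", "emailAddress": "Alice@Example.com"},
]

if __name__ == "__main__":
    for finding in audit_profiles(LOCAL, LDAP):
        print(finding)
```
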