Confluence Data Center / CONFSERVER-36047

LDAP Username and Password Disclosure - Embedded Crowd

Details

    Description

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      LDAP directory credentials can be found when viewing the source of /plugins/servlet/embedded-crowd/configure/delegatingldap/. It is possible for an attacker to obtain these credentials either through cross-site scripting or after gaining administrative access. These details can then be used to extend their access on the current or additional machines on the network.
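
A regression check for this class of bug, as an added example that is not part of the original report or the product's code: it parses a rendered configuration page and flags secret inputs whose value is pre-filled in the markup. The field names and sample HTML are constructed, and placing the credentials in input `value` attributes is an assumption; the report only says they are visible in the page source.

```python
import re
from html.parser import HTMLParser

# Input names that usually hold a secret (heuristic, an assumption of this example).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|credential", re.I)


class SecretFieldAudit(HTMLParser):
    """Collects form inputs that carry a pre-filled secret in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "<unnamed>")
        is_secret = (a.get("type", "text").lower() == "password"
                     or SECRET_NAME.search(name) is not None)
        if is_secret and a.get("value", "").strip():
            # Record only the length so the audit output never repeats the secret.
            self.findings.append((name, len(a["value"])))


def audit_html(html):
    """Return [(field_name, value_length)] for secret inputs rendered with a value."""
    parser = SecretFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a directory form that echoes the stored bind password.
SAMPLE_RENDERED = """
<form action="/plugins/servlet/embedded-crowd/configure/delegatingldap/" method="post">
  <input type="text" name="ldapUserdn" value="cn=svc-wiki,dc=example,dc=test">
  <input type="password" name="ldapPassword" value="constructed-secret">
</form>
"""

# Constructed sample: the same form with the password left blank by the server.
SAMPLE_BLANKED = SAMPLE_RENDERED.replace('value="constructed-secret"', 'value=""')

if __name__ == "__main__":
    print("rendered:", audit_html(SAMPLE_RENDERED))
    print("blanked: ", audit_html(SAMPLE_BLANKED))
```

Run against the saved HTML of each administrative form after an upgrade; an empty result means no secret field was served with its stored value.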

            People

              ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
              62bfdf5269c6 highjack