-
Bug
-
Resolution: Fixed
-
High
-
3.1.1, 3.4.3
-
1
-
Severity 3 - Minor
-
Issue Summary
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP.
Environment
Crowd 3.x.x
OpenLDAP
Steps to Reproduce
- Install Crowd 3.1.1 and connect with OpenLDAP directory.
- Synchronise the OpenLDAP directory.
- Disable one of the user from OpenLDAP directory.
- Generate the XML Backup.
- Upgrade Crowd by following the steps in Upgrading Crowd via XML Data Transfer
Expected Results
OpenLDAP user remain disabled
Actual Results
OpenLDAP user reactivate after the upgrade.
Audit Logs shows that the user is synchronised from OpenLDAP and recreated in crowd as Active user:
Workaround
Upgrade Crowd using Method 1: Automatic database upgrade
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
-
-
Resolution: Fixed
-
High
-
3.1.1, 3.4.3
-
1
-
Severity 3 - Minor
-
Issue Summary
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP.
Environment
Crowd 3.x.x
OpenLDAP
Steps to Reproduce
- Install Crowd 3.1.1 and connect with OpenLDAP directory.
- Synchronise the OpenLDAP directory.
- Disable one of the user from OpenLDAP directory.
- Generate the XML Backup.
- Upgrade Crowd by following the steps in Upgrading Crowd via XML Data Transfer
Expected Results
OpenLDAP user remain disabled
Actual Results
OpenLDAP user reactivate after the upgrade.
Audit Logs shows that the user is synchronised from OpenLDAP and recreated in crowd as Active user:
Workaround
Upgrade Crowd using Method 1: Automatic database upgrade
-
Szczepan (Inactive)
-
- Votes:
-
0 Vote for this issue
- Watchers:
-
3 Start watching this issue
- Created:
- Updated:
- Resolved: