The server URL (or hostname) of the user directory may be exposed when Crowd (LDAP) is down


    • 11.03
    • Severity 3 - Minor

      Issue Summary

      The server URL (or hostname) of the user directory may be exposed when Crowd is down (or has a connection problem).
      Exposing the internal LDAP URL (or hostname) setting to the outside is a security risk.

      Steps to Reproduce

      1. Have a Jira environment connected to Crowd as a user directory
      2. Stop Crowd
      3. Log in with a Crowd user from the Jira login form

      Expected Results

      The message "Incorrect username or password" is shown, since Crowd is not able to provide authentication.

      Actual Results

      The server URL (or hostname) of the user directory is exposed by the error message below.

      com.atlassian.crowd.exception.runtime.OperationFailedException: The following URL does not specify a valid Crowd User Management REST service: http://abc.abc.com/crowd/rest/usermanagement/1/authentication?username=abc
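
      The handling that would avoid the disclosure above, as an added Python illustration that is not Jira's or Crowd's code: the backend exception text is logged server-side under a correlation id while the login form receives only the generic message, and a small detector flags any login-page text that still carries a URL or hostname. The sample exception text is constructed from this report, with placeholder hostname and username.

```python
import logging
import re
import uuid

# Constructed from the exception quoted in the report; hostname and username
# are placeholders, not a real deployment.
LEAKING_MESSAGE = (
    "com.atlassian.crowd.exception.runtime.OperationFailedException: "
    "The following URL does not specify a valid Crowd User Management "
    "REST service: http://abc.abc.com/crowd/rest/usermanagement/1/"
    "authentication?username=abc"
)

# The message the report expects the login form to show instead.
GENERIC_LOGIN_ERROR = "Incorrect username or password"

# Anything matching these should never appear in text rendered to a login form.
_URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
_HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?\b", re.IGNORECASE)

log = logging.getLogger("auth")


def leaks_backend_detail(text: str) -> bool:
    """True if a user-facing string contains a URL or a dotted hostname."""
    return bool(_URL_RE.search(text) or _HOST_RE.search(text))


def login_error_unsafe(exc_text: str) -> str:
    """The failure mode in the report: the backend exception is shown verbatim."""
    return exc_text


def login_error_safe(exc_text: str) -> tuple[str, str]:
    """Hardened handling: keep the detail in the server log under a short
    correlation id and hand the browser only the generic message plus the id,
    so an administrator can still find the real cause."""
    ref = uuid.uuid4().hex[:12]
    log.error("login backend failure ref=%s detail=%s", ref, exc_text)
    return GENERIC_LOGIN_ERROR, ref


def find_leaking_responses(bodies: list[str]) -> list[int]:
    """Detection side: indexes of captured login-page bodies (for example from
    a test harness or proxy log) that expose a URL or hostname."""
    return [i for i, body in enumerate(bodies) if leaks_backend_detail(body)]
```

      Running `find_leaking_responses` over the login responses collected while the directory server is stopped is a quick regression check for this class of disclosure.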
      

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

              Assignee: Unassigned
              Reporter: Rick Li
              Votes: 0
              Watchers: 1
