APAR status
Closed as program error.
Error description
The user "frederic" exists in the LDAP registry.
When the admin console is launched (security ON), the login window
pops up. If the user enters "frede*" and then the password, the login
should NOT complete the name by treating the * character as a wildcard
completion mechanism. It should only look for the user "frede*"
in LDAP, which in this case does not exist, so "frede*" should
be denied access.
Local fix
NONE yet.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server 5.0 users who *
* have enabled security and configured LDAP as *
* the user registry. *
****************************************************************
* PROBLEM DESCRIPTION: Wild card characters in the login name *
* should not be treated as a wild card *
* character. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Wild card characters in the login name are not escaped in LDAP
search filters. This can let a user truncate the user name
and still get access to the system as long as the password is
correct. (This does not allow access without a proper
password.)
Problem conclusion
Wild card characters in the login name should be escaped in the
LDAP search filter.
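The difference between the unescaped and escaped filter, as an added Python example that is not WebSphere's code: it escapes the login name per RFC 4515 and evaluates both filters against a constructed one-entry registry. The `uid` attribute, the function names and the toy `search` evaluator are assumptions made for illustration.

```python
import re

# Constructed sample registry: the only user is the one named in the APAR.
DIRECTORY = ["frederic"]

# RFC 4515: these characters must be written as \XX inside a filter value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def build_filter_unescaped(login):
    # Behaviour described in the APAR: the login name goes into the filter as-is.
    # The uid attribute is an assumption; the page does not show the real filter.
    return "(uid=%s)" % login


def build_filter_escaped(login):
    # Corrected behaviour: '*' is sent as the literal \2a, not as a wildcard.
    return "(uid=%s)" % escape_filter_value(login)


def search(filter_str, entries=DIRECTORY):
    # Toy evaluator for a single (uid=...) filter, just enough to show the effect:
    # a bare '*' matches any substring, a \XX pair decodes to one literal character.
    m = re.fullmatch(r"\(uid=(.*)\)", filter_str, re.S)
    if not m:
        raise ValueError("unsupported filter: %r" % filter_str)
    pattern = ""
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|.", m.group(1), re.S):
        if tok == "*":
            pattern += ".*"
        elif len(tok) == 3 and tok[0] == "\\":
            pattern += re.escape(chr(int(tok[1:], 16)))
        else:
            pattern += re.escape(tok)
    return [uid for uid in entries if re.fullmatch(pattern, uid, re.S)]


if __name__ == "__main__":
    for login in ("frederic", "frede*"):
        print(login,
              "unescaped ->", search(build_filter_unescaped(login)),
              "escaped ->", search(build_filter_escaped(login)))
```

With the escaped filter, "frede*" resolves only to an entry whose name really contains an asterisk, so the bind step is never reached for "frederic".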
Temporary fix
provided test fix
Comments
APAR information
APAR number: PQ77663
Reported component name: WAS NETWRK DEPL
Reported component ID: 5630A3601
Reported release: 00S
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2003-08-20
Closed date: 2003-10-29
Last modified date: 2003-10-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00P PSY UP
R00S PSY UP
R00W PSY UP