Posted by miglius on October 27, 2009 at 2:38pm
| Download | Size | md5 hash |
|---|---|---|
| ldap_integration-5.x-1.5.tar.gz | 30.26 KB | 541ca5559f6c5c406c356a5f082dc489 |
| ldap_integration-5.x-1.5.zip | 36.92 KB | 501767056ec9df548b0ca99e8e21920b |
Last updated: December 24, 2010 - 23:16
This release fixes:
* The LDAP integration module does not implement confirmation pages for LDAP server activation/deactivation, which could lead to a CSRF attack.
* A user-defined server name is not properly escaped on the administration pages, which might lead to XSS attacks.
* The user's LDAP data is not properly access-controlled before being displayed on the user profile pages, which allows unauthorized viewing of the data.
* Some user management access rules are ignored during the authentication process.