ldap_integration 5.x-1.5
miglius - October 27, 2009 - 14:38
Official release from CVS tag: DRUPAL-5--1-5
First released: October 27, 2009 - 14:38
First released: October 27, 2009 - 14:38
Download: ldap_integration-5.x-1.5.tar.gz
Size: 30.26 KB
md5_file hash: 541ca5559f6c5c406c356a5f082dc489
Last updated: October 27, 2009 - 14:41
View usage statistics for this releaseSize: 30.26 KB
md5_file hash: 541ca5559f6c5c406c356a5f082dc489
Last updated: October 27, 2009 - 14:41
This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.