Downloads

Download tar.gz 30.26 KB
MD5: 541ca5559f6c5c406c356a5f082dc489
SHA-1: 2b7a7162559f973f4671aa7e1b0bddd594dc9758
SHA-256: 15a3ef0d522bec044386334ea20b2ae899b1ffefe897711708885635cd501ca6
Download zip 36.92 KB
MD5: 501767056ec9df548b0ca99e8e21920b
SHA-1: 603f8df73f5ce72b2bcb578197c2cb020752fa30
SHA-256: fd18e45b621adff433e86e19a0f82b60b46a8ae9948859b1c595db639cc1b857

Release notes

This release fixes:
* The LDAP integration module does not implement confirmation pages for LDAP server activation/deactivation, which could allow a CSRF attack.
* A user-defined server name is not properly escaped on the administration pages, which might lead to XSS attacks.
* The user's LDAP data is not properly access controlled before it is displayed on the user profile pages, which allows unauthorized viewing of the data.
* Some user management access rules are ignored during the authentication process.

Created by: miglius
Created on: 27 Oct 2009 at 14:38 UTC
Last updated: 28 Oct 2009 at 20:58 UTC
Security update
Unsupported
