#3782 Don't expose certain attributes in LDAP updater
Closed: Fixed None Opened 10 years ago by rcritten.

I noticed that the potential to display certain sensitive attributes was possible in the LDAP updater. When making changes we display the initial and final full entries, including any passwords or hashes that may be there.

Up to now we haven't made any updates to such entries, so there has been no known disclosure to date. Even so, it would be logged to a root-readable file only.


Moving open tickets to next month bucket.

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.2.x - 2013/07 (bug fixing)

7 years ago

Login to comment on this ticket.

Metadata