Comment 10 for bug 1187305

Adam Young (ayoung) wrote : Re: LDAP vulnerability when checking user credentials

OK, so the problem is https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L223

Which is there to support anonymous binding for the Administrator account. If the end user skips the password, and the system is set up to do anonymous binding, then it bypasses simple bind.
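A simplified model of the flaw described in this comment, next to a hardened check, added here as an illustration; it is not keystone's code and not part of the original comment. `StubConnection`, `get_connection`, `authenticate_before` and `authenticate_hardened` are hypothetical names, and the directory entry is constructed sample data.

```python
ALICE = "cn=alice,ou=Users,dc=example,dc=org"  # constructed sample DN


class InvalidCredentials(Exception):
    """Raised when the directory rejects a simple bind."""


class StubConnection:
    """Constructed stand-in for an LDAP connection; no network is used."""

    USERS = {ALICE: "correct horse"}  # constructed sample data: DN -> password

    def __init__(self):
        self.bound_as = None  # None means the session is still anonymous

    def simple_bind_s(self, dn, password):
        if self.USERS.get(dn) != password:
            raise InvalidCredentials(dn)
        self.bound_as = dn


def get_connection(user=None, password=None):
    """Pattern from the comment: bind only when both values are present."""
    conn = StubConnection()
    if user and password:  # an empty password skips the bind entirely
        conn.simple_bind_s(user, password)
    return conn  # the caller cannot tell "bound" from "anonymous"


def authenticate_before(dn, password):
    """Treats 'no exception' as proof of identity, so '' is accepted."""
    try:
        get_connection(dn, password)
    except InvalidCredentials:
        return False
    return True


def authenticate_hardened(dn, password):
    """Reject empty credentials up front and confirm the bind happened."""
    if not dn or not password:
        return False
    try:
        conn = get_connection(dn, password)
    except InvalidCredentials:
        return False
    return conn.bound_as == dn
```

The hardened form keeps the anonymous path available for service lookups but never lets it stand in for a user credential check.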