PUBLIC - Liferay Portal Community Edition

Non-domain NTLM Authentication - User can login in portal entering wrong password.

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Duplicate
  • Affects Version/s: 5.1.2
  • Fix Version/s: None
  • Component/s: Authentication
  • Labels:
    None
  • Environment:
    tomcat6, vista, windows2003 R2 server domain
  • Similar Issues:
    Show 5 results 

Description

User can login in portal entering wrong password.

I enable NTLM autentication,
and LDAP importing users from my AD.

Open browser (firefox, safari) outside domain
click on sign in and the browser asks for username and password
via browser standard form
now insert a correct username and a wrong password
portal recognize me without checking password

I think this is a big security problem.

How can I force password checking keeping NTLM authentication active?
Am I missing something?

Final note: AD keeps password encripted
and disabling NTLM i cannot login in portal, so i need NTLM.

Regards,
Luca
found was already in forum but cannot find solutions
http://www.liferay.com/web/guest/community/forums/-/message_boards/message/310580

Issue Links

This issue relates:
LPS-7254 User can login in portal entering wrong password thru NTLM Critical Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
cometta added a comment -

same as LPS-3595

Show
cometta added a comment - same as LPS-3595
Hide
Permalink
cometta added a comment -

i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn

Show
cometta added a comment - i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn
Hide
Permalink
Roman Kuchvarskyy added a comment -

Have anybody look on this problem?

Show
Roman Kuchvarskyy added a comment - Have anybody look on this problem?
Hide
Permalink
Mika Koivisto added a comment -

I believe this issue has been resolved by LPS-5065

Show
Mika Koivisto added a comment - I believe this issue has been resolved by LPS-5065

People

Vote (0)
Watch (5)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.4#664-r167664) | Report a problem
Powered by a free Atlassian JIRA open source license for Liferay. Try JIRA - bug tracking software for your team.