Non-domain NTLM Authentication - User can login in portal entering wrong password.

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Duplicate
Affects Version/s: 5.1.2
Fix Version/s: None
Component/s: Authentication
Labels:
None
Environment:
tomcat6, vista, windows2003 R2 server domain

Similar Issues:

Show 5 results

Description

User can login in portal entering wrong password.

I enable NTLM autentication,
and LDAP importing users from my AD.

Open browser (firefox, safari) outside domain
click on sign in and the browser asks for username and password
via browser standard form
now insert a correct username and a wrong password
portal recognize me without checking password

I think this is a big security problem.

How can I force password checking keeping NTLM authentication active?
Am I missing something?

Final note: AD keeps password encripted
and disabling NTLM i cannot login in portal, so i need NTLM.

Regards,
Luca
found was already in forum but cannot find solutions
http://www.liferay.com/web/guest/community/forums/-/message_boards/message/310580

Issue Links

relates

LPS-7254 User can login in portal entering wrong password thru NTLM

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

cometta added a comment - 04/Jun/09 6:10 PM

same as ~~LPS-3595~~

Show

cometta added a comment - 04/Jun/09 6:10 PM same as LPS-3595

Hide

Permalink

cometta added a comment - 07/Jun/09 8:56 PM

i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn

Show

cometta added a comment - 07/Jun/09 8:56 PM i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn

Hide

Permalink

Roman Kuchvarskyy added a comment - 21/Jul/09 1:23 AM

Have anybody look on this problem?

Show

Roman Kuchvarskyy added a comment - 21/Jul/09 1:23 AM Have anybody look on this problem?

Michael Han made changes - 19/Sep/09 7:33 AM

Field	Original Value	New Value
Workflow	Liferay Workflow - version 1.8 [ 172324 ]	Greenhopper [ 191165 ]

Cynthia Wilburn made changes - 02/Oct/09 10:39 PM

Component/s

Authentication [ 10247 ]

Michael Han made changes - 10/Oct/09 4:34 PM

Workflow

Greenhopper [ 191165 ]

Liferay Workflow 2.2 [ 204961 ]

Daeyoung Song made changes - 21/Jan/10 6:50 PM

Link

This issue relates ~~LPS-7254~~ [ ~~LPS-7254~~ ]

Hide

Permalink

Mika Koivisto added a comment - 05/Mar/10 6:41 AM

I believe this issue has been resolved by ~~LPS-5065~~

Show

Mika Koivisto added a comment - 05/Mar/10 6:41 AM I believe this issue has been resolved by LPS-5065

Mika Koivisto made changes - 05/Mar/10 6:41 AM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Duplicate [ 3 ]

Cynthia Wilburn made changes - 11/Jan/11 10:56 AM

Status

Resolved [ 5 ]

Closed [ 6 ]

Vicki Tsang made changes - 19/Nov/11 3:11 AM

Workflow

Liferay Workflow 2.2 [ 204961 ]

LPS Workflow [ 267388 ]

Andrew Kim made changes - 04/Feb/13 2:49 PM

Workflow

LPS Workflow [ 267388 ]

Copy of LPS Workflow [ 409962 ]

Andrew Kim made changes - 04/Feb/13 4:00 PM

Workflow

Copy of LPS Workflow [ 409962 ]

LPS Workflow [ 441583 ]

Andrew Kim made changes - 11/Feb/13 4:35 PM

Workflow

LPS Workflow [ 441583 ]

Copy 2 of LPS Workflow [ 473932 ]

Andrew Kim made changes - 11/Feb/13 6:06 PM

Workflow

Copy 2 of LPS Workflow [ 473932 ]

LPS Workflow [ 505830 ]

Randy Zhu made changes - 01/May/13 10:38 PM

Workflow

LPS Workflow [ 505830 ]

PUBLIC - LPS Generic Workflow [ 557598 ]

Randy Zhu made changes - 17/May/13 10:57 AM

Workflow

PUBLIC - LPS Generic Workflow [ 557598 ]

Copy of PUBLIC - LPS Generic Workflow [ 591939 ]

Randy Zhu made changes - 17/May/13 12:55 PM

Workflow

Copy of PUBLIC - LPS Generic Workflow [ 591939 ]

PUBLIC - LPS Generic Workflow [ 623868 ]

Transition

Time In Source Status

Execution Times

Last Executer

Last Execution Date

Open

Resolved

387d 5h 24m

Mika Koivisto

05/Mar/10 6:41 AM

Resolved

Closed

312d 4h 14m

Cynthia Wilburn

11/Jan/11 10:56 AM

People

Assignee:

SE Support

Reporter:

Luca Costa

Participants of an Issue:

cometta, Luca Costa, Mika Koivisto, Roman Kuchvarskyy, SE Support

Vote (0)

Watch (5)

Dates

Created:

11/Feb/09 1:16 AM

Updated:

11/Jan/11 10:56 AM

Resolved:

05/Mar/10 6:41 AM

Days since last comment:

3 years, 15 weeks, 5 days ago

Agile

View on Board

~~LPS-7254~~	User can login in portal entering wrong password thru NTLM
~~LPS-625~~	Problem with NTLM Authentication
LPS-30274	Add NTLM Authentication to Sharepoint Repository
~~LPS-6069~~	NTLM authentication will not allow users to log in when using multiple browsers
~~LPS-3595~~	ntlmautologin.java only verify username not password