PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-2032

Non-domain NTLM Authentication - User can login in portal entering wrong password.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Duplicate
    • Affects Version/s: 5.1.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      tomcat6, vista, windows2003 R2 server domain
    • Similar Issues:
      Show 4 results 

      Description

      User can login in portal entering wrong password.

      I enable NTLM autentication,
      and LDAP importing users from my AD.

      Open browser (firefox, safari) outside domain
      click on sign in and the browser asks for username and password
      via browser standard form
      now insert a correct username and a wrong password
      portal recognize me without checking password

      I think this is a big security problem.

      How can I force password checking keeping NTLM authentication active?
      Am I missing something?

      Final note: AD keeps password encripted
      and disabling NTLM i cannot login in portal, so i need NTLM.

      Regards,
      Luca
      found was already in forum but cannot find solutions
      http://www.liferay.com/web/guest/community/forums/-/message_boards/message/310580

        Issue Links

          Activity

          Luca Costa created issue -
          Hide
          cometta added a comment -

          same as LPS-3595

          Show
          cometta added a comment - same as LPS-3595
          Hide
          cometta added a comment -

          i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn

          Show
          cometta added a comment - i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn
          Hide
          Roman Kuchvarskyy added a comment -

          Have anybody look on this problem?

          Show
          Roman Kuchvarskyy added a comment - Have anybody look on this problem?
          Michael Han made changes -
          Field Original Value New Value
          Workflow Liferay Workflow - version 1.8 [ 172324 ] Greenhopper [ 191165 ]
          Cynthia Wilburn (Inactive) made changes -
          Component/s Authentication [ 10247 ]
          Michael Han made changes -
          Workflow Greenhopper [ 191165 ] Liferay Workflow 2.2 [ 204961 ]
          Daeyoung Song (Inactive) made changes -
          Link This issue relates LPS-7254 [ LPS-7254 ]
          Hide
          Mika Koivisto added a comment -

          I believe this issue has been resolved by LPS-5065

          Show
          Mika Koivisto added a comment - I believe this issue has been resolved by LPS-5065
          Mika Koivisto made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Duplicate [ 3 ]
          Cynthia Wilburn (Inactive) made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Vicki Tsang made changes -
          Workflow Liferay Workflow 2.2 [ 204961 ] LPS Workflow [ 267388 ]
          Andrew Kim made changes -
          Workflow LPS Workflow [ 267388 ] Copy of LPS Workflow [ 409962 ]
          Andrew Kim made changes -
          Workflow Copy of LPS Workflow [ 409962 ] LPS Workflow [ 441583 ]
          Andrew Kim made changes -
          Workflow LPS Workflow [ 441583 ] Copy 2 of LPS Workflow [ 473932 ]
          Andrew Kim made changes -
          Workflow Copy 2 of LPS Workflow [ 473932 ] LPS Workflow [ 505830 ]
          Randy Zhu made changes -
          Workflow LPS Workflow [ 505830 ] PUBLIC - LPS Generic Workflow [ 557598 ]
          Randy Zhu made changes -
          Workflow PUBLIC - LPS Generic Workflow [ 557598 ] Copy of PUBLIC - LPS Generic Workflow [ 591939 ]
          Randy Zhu made changes -
          Workflow Copy of PUBLIC - LPS Generic Workflow [ 591939 ] PUBLIC - LPS Generic Workflow [ 623868 ]
          Randy Zhu made changes -
          Workflow PUBLIC - LPS Generic Workflow [ 623868 ] PUBLIC - LPS General Workflow [ 717933 ]
          Randy Zhu made changes -
          Workflow PUBLIC - LPS General Workflow [ 717933 ] PUBLIC - LPS Bugs Workflow [ 816417 ]
          Esther Sanz made changes -
          Component/s Security [ 10290 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          387d 5h 24m 1 Mika Koivisto 05/Mar/10 6:41 AM
          Resolved Resolved Closed Closed
          312d 4h 14m 1 Cynthia Wilburn (Inactive) 11/Jan/11 10:56 AM

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 6 days ago

                Development

                  Structure Helper Panel