PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-2032

Non-domain NTLM Authentication - User can login in portal entering wrong password.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Duplicate
    • Affects Version/s: 5.1.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      tomcat6, vista, windows2003 R2 server domain
    • Similar Issues:
      Show 4 results 

      Description

      User can login in portal entering wrong password.

      I enable NTLM autentication,
      and LDAP importing users from my AD.

      Open browser (firefox, safari) outside domain
      click on sign in and the browser asks for username and password
      via browser standard form
      now insert a correct username and a wrong password
      portal recognize me without checking password

      I think this is a big security problem.

      How can I force password checking keeping NTLM authentication active?
      Am I missing something?

      Final note: AD keeps password encripted
      and disabling NTLM i cannot login in portal, so i need NTLM.

      Regards,
      Luca
      found was already in forum but cannot find solutions
      http://www.liferay.com/web/guest/community/forums/-/message_boards/message/310580

        Issue Links

          Activity

          Hide
          cometta added a comment -

          same as LPS-3595

          Show
          cometta added a comment - same as LPS-3595
          Hide
          cometta added a comment -

          i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn

          Show
          cometta added a comment - i post the solution at http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3256505 . pls check is that correct, if ok. please check in to liferay svn
          Hide
          Roman Kuchvarskyy added a comment -

          Have anybody look on this problem?

          Show
          Roman Kuchvarskyy added a comment - Have anybody look on this problem?
          Hide
          Mika Koivisto added a comment -

          I believe this issue has been resolved by LPS-5065

          Show
          Mika Koivisto added a comment - I believe this issue has been resolved by LPS-5065

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 7 weeks ago

                Development

                  Structure Helper Panel