Support Forum

by **victor** » Thu Nov 20, 2003 4:49 pm

Hello,

I have detected a problem: I can login like root without write a password (if I write a wrong password I cant login).

I tried modifing the root name (Admin) to check if this could be that LDAP has a Admin user registered with password null.
I tried if I can login like other user without write a password.

None of this trials worked. I only have found the root without password backdoor.

Thanks

by **admin** » Thu Nov 20, 2003 5:11 pm

victor wrote:Hello,

I have detected a problem: I can login like root without write a password (if I write a wrong password I cant login).

I tried modifing the root name (Admin) to check if this could be that LDAP has a Admin user registered with password null.
I tried if I can login like other user without write a password.

None of this trials worked. I only have found the root without password backdoor.

Thanks

Just check it with hosted service - all works fine for me. Please send me debug logs by e-mail

Website · by **mvasenkov** » Thu Nov 20, 2003 5:17 pm

Very strange situation. I can't login in to my own test instance without a password.
TrackStudio wrote all logon process information into log (without passwords). Can you please send this information to Maxim?

by **victor** » Thu Nov 20, 2003 6:52 pm

mvasenkov wrote:Very strange situation. I can't login in to my own test instance without a password.
TrackStudio wrote all logon process information into log (without passwords). Can you please send this information to Maxim?

I checked the log I dont found nothing abnormal...

I commented to Maxim that I found a problem using LDAP:

If I try to login like a user that is not registered in LDAP and I dont write a password TS leave me login.

by **admin** » Thu Nov 20, 2003 7:30 pm

victor wrote:
mvasenkov wrote:Very strange situation. I can't login in to my own test instance without a password.
TrackStudio wrote all logon process information into log (without passwords). Can you please send this information to Maxim?

I checked the log I dont found nothing abnormal...

I commented to Maxim that I found a problem using LDAP:

If I try to login like a user that is not registered in LDAP and I dont write a password TS leave me login.

OK, we'll check and fix this bug ASAP.

by **victor** » Thu Nov 20, 2003 7:34 pm

admin wrote:OK, we'll check and fix this bug ASAP.

Thanks,

But I dont know yet if this is a TS bug or a problem with our ActiveDirectory/LDAP: maybe you are receiving an 'user-not-found' indication from LDAP and this joined to the null password do that TS run in bug, OR maybe our LDAP is telling to TS 'ok-all-is-fine' when an unknown user with a null password is queried, I dont know.

by **admin** » Thu Nov 20, 2003 7:37 pm

victor wrote:
admin wrote:OK, we'll check and fix this bug ASAP.

Thanks,

But I dont know yet if this is a TS bug or a problem with our ActiveDirectory/LDAP: maybe you are receiving an 'user-not-found' indication from LDAP and this joined to the null password do that TS run in bug, OR maybe our LDAP is telling to TS 'ok-all-is-fine' when an unknown user with a null password is queried, I dont know.

I think that this can be bug with library that we use to work with LDAP. I already have strange situation when I click "Test connection" and they report that all OK, but requested IP even not exists in network.

by **victor** » Thu Nov 20, 2003 7:40 pm

I think that we could take a short way trying to reproduce my problem over a confiable LDAP installation (my installation is ActiveDirectory/LDAP and poorly administrated).

by **victor** » Mon Nov 24, 2003 3:23 pm

Hello,

Have you reproduced the problem?

Any solution?

Thanks,

by **admin** » Mon Nov 24, 2003 4:51 pm

victor wrote:Hello,

Have you reproduced the problem?

Any solution?

Thanks,

This problem still in process, sorry.

Support Forum

Root login without password backdoor

Root login without password backdoor

Re: Root login without password backdoor

Who is online