e88a1ba Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.

Authored and Committed by nhosoi 7 years ago
    Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
    
    Description:
    1. When an account is inactivated, the error UNWILLING_TO_PERFORM with
       the inactivated message should be returned only when the bind is
       successful.
    2. When SASL bind fails, the cause of the failure is logged in the
       access log instead of being returned directly to the client.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1347760
    
    Reviewed by wibrown@redhat.com (Thank you, William!)
    
    (cherry picked from commit b8767d510d11c7cbfede24daaae3348b9f028f47)
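
The two behaviours the commit message describes, as an added sketch (not code from 389-ds-base or from this commit): the inactivated status is disclosed only after the credentials verify, and a SASL failure cause goes to the log rather than to the client. All names, the sample accounts, the message text and the result code chosen for the SASL failure are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LDAP_SUCCESS               0   /* result codes from RFC 4511 */
#define LDAP_INVALID_CREDENTIALS  49
#define LDAP_UNWILLING_TO_PERFORM 53

/* Constructed sample directory; the plaintext compare is a stand-in
 * for the server's real credential check. */
struct account { const char *dn; const char *password; int inactivated; };
const struct account accounts[] = {
    { "uid=active,dc=example,dc=com", "s3cret", 0 },
    { "uid=locked,dc=example,dc=com", "s3cret", 1 },
};
const char *client_msg = "";   /* diagnostic text sent to the client */
char access_log[256];          /* stands in for the server access log */

const struct account *find_account(const char *dn)
{
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].dn, dn) == 0)
            return &accounts[i];
    return NULL;
}

/* Simple bind: account state is revealed only after the credentials verify. */
int simple_bind(const char *dn, const char *password)
{
    const struct account *a = find_account(dn);
    client_msg = "";
    if (a == NULL || strcmp(a->password, password) != 0)
        return LDAP_INVALID_CREDENTIALS;   /* same answer for every failure */
    if (a->inactivated) {
        client_msg = "account inactivated";
        return LDAP_UNWILLING_TO_PERFORM;
    }
    return LDAP_SUCCESS;
}

/* SASL failure: the cause is logged, the client gets only the result code. */
int sasl_bind_failed(const char *dn, const char *cause)
{
    snprintf(access_log, sizeof access_log,
             "SASL bind failed dn=\"%s\": %s", dn, cause);
    client_msg = "";
    return LDAP_INVALID_CREDENTIALS;
}

int main(void)
{
    printf("%d\n", simple_bind("uid=locked,dc=example,dc=com", "wrong"));
    return 0;
}
```

With this ordering, a client that does not know the password gets the same response for an inactivated account, an active account and a nonexistent one.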
    
        
file modified
+23 -26