  1. Jenkins
  2. JENKINS-46353

Anonymous user can search for actual users

      Description

      With overall read access an anonymous user can use the top right search box to find what LDAP users exist.
      Beginning to enter a name will auto-complete it, e.g. "John" auto-completes to "John Doe".

      This gives an anonymous user the opportunity to find the user ids.
      These user ids could then be used to find a user with a weak password.

            People

            • Assignee:
              Unassigned
              Reporter:
              mfuchs Matthias Fuchs