- Date Released:
- April 18 2023
This update resolves an authentication vulnerability (CVE-2023-29484) where, given specific conditions, an LDAP user with an incorrectly configured LDAP identifier could log into the Terminalfour platform using an invalid password.
By default, an imported LDAP user would have the correct LDAP identifier set. To exploit this vulnerability the LDAP identifier of an importer user would need to have been manually altered to an incorrect value.
With this release, a user with an incorrectly set LDAP identifier is no longer able to log into the Terminalfour platform with an incorrect password.
|Bug||Authentication||Authentication issue: LDAP users with incorrectly configured identifiers can login with incorrect passwords||P1||RDSM-36840|
Please note that the priorities assigned to bugs differ from those assigned to Client Support tickets:
- P1 - Major rework of product.
- P2 - Major performance change.
- P3 - Regular priority change.
- P4 - Minor change.
- Trivial - Very minor UI changes.