Successful LDAP authentication with wildcard Login

Description

I have a CAS server configured with a LDAP authentication handler like this:

<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
<property name="filter" value="uid=%u" />
...
</bean>

When I enter a login with * wildcard character (e.g. 'mu*' instead of 'murray') with a correct password, authentication is successful (which can be a security hole).

The issue seems to be in the org.jasig.cas.util.LdapUtils#getFilterWithValues() method.

For information, if I replace
final String value = LdapEncoder.nameEncode(properties.get(key));
by
final String value = LdapEncoder.filterEncode(properties.get(key));
the issue is fixed.
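The mechanism behind this report, as an added example that is not part of the ticket or of CAS: two small stand-ins for the DN-style and filter-style escapers (the name_encode stand-in is simplified) are substituted into the handler's uid=%u template and the resulting filter is run against a constructed in-memory directory, so the "multiple results" before the fix and the escaped \2a after it can be seen without an LDAP server.

```python
import re

def name_encode(value: str) -> str:
    """Simplified DN-value (RFC 4514) escaping in the spirit of
    LdapEncoder.nameEncode: '*' is not special in a DN, so it passes through."""
    escaped = ''.join('\\' + c if c in ',+"\\<>;' else c for c in value)
    return '\\' + escaped if escaped[:1] in ('#', ' ') else escaped

def filter_encode(value: str) -> str:
    """Assertion-value (RFC 4515) escaping as LdapEncoder.filterEncode does:
    '*', '(', ')', '\\' and NUL become \\XX hex escapes."""
    return ''.join('\\%02x' % ord(c) if c in '*()\\\x00' else c for c in value)

def build_filter(template: str, login: str, encode) -> str:
    """Substitute %u in the handler's filter template with the encoded login."""
    return template.replace('%u', encode(login))

def search(directory, ldap_filter: str):
    """Toy evaluator for one 'attr=value' filter: an unescaped '*' makes it a
    substring filter, while \\XX escapes decode back to literal characters."""
    attr, _, assertion = ldap_filter.partition('=')
    pattern, i = [], 0
    while i < len(assertion):
        c = assertion[i]
        if c == '\\':                     # \XX -> the literal character
            pattern.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif c == '*':                    # unescaped '*' -> wildcard
            pattern.append('.*')
            i += 1
        else:
            pattern.append(re.escape(c))
            i += 1
    rx = re.compile('^' + ''.join(pattern) + '$')
    return [entry for entry in directory if rx.match(entry.get(attr, ''))]

# Constructed directory standing in for the VT overlay mentioned in the ticket.
DIRECTORY = [{'uid': 'murray'}, {'uid': 'mullins'}, {'uid': 'chen'}]

def matches_for(login: str, encode):
    """Return the uids the 'uid=%u' handler filter would match for a login."""
    return [e['uid'] for e in search(DIRECTORY, build_filter('uid=%u', login, encode))]

if __name__ == '__main__':
    for enc in (name_encode, filter_encode):
        print(enc.__name__, build_filter('uid=%u', 'mu*', enc), matches_for('mu*', enc))
```

With name_encode the login 'mu*' becomes a substring filter and matches two entries (the bind then succeeds if the password fits either); with filter_encode it becomes the literal value mu\2a and matches nothing.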

Environment

None

Activity

Marvin Addison
February 28, 2014, 2:15 PM

Thanks for filing this issue. I will attempt to reproduce and add test coverage for this case. Not sure if a fix will make the 3.4.x branch, but 3.5.x for sure. I should note that this does not affect 4.0 since we're using a new LDAP provider, ldaptive, which performs search filter construction differently.

Marvin Addison
March 5, 2014, 4:32 PM

Pull request with proposed fix above:

https://github.com/Jasig/cas/pull/411

I have verified this fixes the reported behavior. Here are some logs from testing with the VT overlay.

Before

Note multiple results are returned, which would be expected since the wildcard character is not escaped. Multiple search results are prevented by default in CAS, which arguably provides adequate protection in most cases.

After

Note here that the wildcard character is properly escaped.

Misagh Moayyed
July 15, 2014, 7:10 AM

All Open JIRA issues are now moved to Github, and tracked under Github Issues. The migration is now complete. Please use Github issue tracking to file and track issues. JIRA issues will be closed.

The URL address for Github issues of the CAS project is:
https://github.com/Jasig/cas/issues

Assignee

Marvin Addison

Reporter

Antoine Mollard

Labels

None

Estimated End Date

None

Components

Affects versions

Priority

Major