Opened 8 years ago
Closed 8 years ago
#1578 closed defect (wontfix)
OSGeo LDAP contains spam accounts
| Reported by: | darkblueb | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | SysAdmin | Keywords: | LDAP |
| Cc: |
Description
reported by Martin Spott ..
- can we characterize the attributes ? what groups and what privelages
- can new spam account creation be stopped
- can we characterize the attack vector ? how did they get there
also see ticket #165
Change History (3)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
This ticket became relevant again these days. See also #1665
What are "Q", "R" and "S" in the original ticket description ?
Note:
See TracTickets
for help on using tickets.
Note that I said "fake" accounts, not "spam".
Remember that creating OSGeo LDAP user ID's has been kept very simple by intention, not just by accident. I don't think there's a particular "attack", they're just using the form we provide.
OSGeo LDAP currently has approx. 18k user ID's, but, as far as I understand, most of these are not members of any of our project or shell groups.