Opened 6 years ago

Closed 5 years ago

#1578 closed defect (wontfix)

OSGeo LDAP contains spam accounts

Reported by: darkblueb
Owned by: sac@…
Priority: critical
Milestone:
Component: Systems Admin
Keywords: LDAP
Cc:

Description

reported by Martin Spott ..

  1. can we characterize the attributes ? what groups and what privileges
  2. can new spam account creation be stopped
  3. can we characterize the attack vector ? how did they get there

also see ticket #165

Change History (3)

comment:1 Changed 6 years ago by martin

Note that I said "fake" accounts, not "spam".

Remember that creating OSGeo LDAP user IDs has been kept very simple by intention, not just by accident. I don't think there's a particular "attack", they're just using the form we provide.

OSGeo LDAP currently has approx. 18k user IDs, but, as far as I understand, most of these are not members of any of our project or shell groups.

comment:2 Changed 5 years ago by strk

This ticket became relevant again these days. See also #1665

What are "Q", "R" and "S" in the original ticket description ?

comment:3 Changed 5 years ago by strk

Resolution: wontfix
Status: new → closed

Closed for lack of feedback
