On Mon, 2018-01-29 at 15:08 +0000, Torgersen, Eric A wrote:
> Are there any details or guidance available regarding the following:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1525628
Hi,
Summary: This is very low risk for the majority of installations,
There are very limited circumstances where this can affect your
deployment. You must run certain types of hashes, and must have
imported them incorrectly during an ldif2db or nsslapd-allow-hashed-
password: on import.
For most users who allow DS to do the hashing for you (ie ldappasswd or
similar) then there is no risk.
I will communicate with RH security about this, as the issue is meant
to be embargoed, but has leaked, so we must open this asap to give
proper information.
Thanks,
>
> Eric Torgersen
> Systems Architect | Information Technology Services | Enterprise
> Infrastructure Services
> 518-442-6471 | etorgersen@albany.edu
> University at Albany
> 1400 Washington Ave | Albany, NY 12222
>
> Confidentiality Notice: The information contained in this electronic
> transmission is confidential and is intended for the use of the
> individual(s) or entity(ies) named above only. If the reader of this
> message is not the intended recipient, you are hereby notified that
> any dissemination, distribution or reproduction of this transmission
> is strictly prohibited. If you have received this transmission in
> error, please destroy any and all copies of the transmission and
> notify the sender immediately.
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
--
Sincerely,
William Brown
Software Engineer
Red Hat, Australia/Brisbane
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
No comments:
Post a Comment