[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ppolicy + slapcat = ldif vulnerability?

Clowser, Jeff (Contractor) writes:
> My biggest question would be why these 2 attributes are treated
> differently - i.e. are userpassword and pwdhistory different types or
> something to trigger different behaviour, or does slapcat just
> hardcode userpassword as an attribute to base64 hash, etc?

slapcat and ldapsearch (via liblutil/ldif.c) hardcode that userPassword
is base64-encoded.  So are '<attribute>;binary', attribute values which
contain 8-bit characters, and some other special cases.