[Date Prev][Date Next]
RE: ppolicy + slapcat = ldif vulnerability?
Clowser, Jeff (Contractor) writes:
> My biggest question would be why these 2 attributes are treated
> differently - i.e. are userpassword and pwdhistory different types or
> something to trigger different behaviour, or does slapcat just
> hardcode userpassword as an attribute to base64 hash, etc?
slapcat and ldapsearch (via liblutil/ldif.c) hardcode that userPassword
is base64-encoded. So are '<attribute>;binary', attribute values which
contain 8-bit characters, and some other special cases.