-
Bug
-
Resolution: Done
-
Major
-
JBossSecurity_2.0.4.SP1, PicketBox_v3_0_beta5
-
None
-
None
LdapExtLoginModule got changed for SECURITY-422 to allow external commands to be run by prefixing the credential with
The trivial fix is to change the following line in LdapExtLoginModule.createLdapInitContext()
if (this.bindCredential.startsWith("{EXT}
"))
to
if (this.bindCredential != null && this.bindCredential.startsWith("
"))