Comment on [#11424] security problem with syncml and LDAP Authentication
> If Authentication is switched to LDAP Auth, then syncml does not
> require a password for any known account!
>
> So it is possible to read and even write other users' calendar and
> addressbooks even though they are not shared!
>
> This does not happen with authentication switched to IMP.
>
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE Load config file (nls.php;
> app: horde) [pid 24335 on line 868 of "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 ERR: HORDE DN for user not found [pid
> 24335 on line 873 of "/usr/share/pear/Horde/Ldap.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE 1. Horde_Registry::appInit()
> /var/www/html/horde/rpc.php:77
> 2. Horde_Registry->__construct() /usr/share/pear/Horde/Registry.php:238
> 3. Horde_Injector->getInstance() /usr/share/pear/Horde/Registry.php:452
> 4. Horde_Injector->createInstance() /usr/share/pear/Horde/Injector.php:248
> 5. Horde_Injector_Binder_Factory->create()
> /usr/share/pear/Horde/Injector.php:213
> 6. Horde_Core_Factory_Notification->create()
> /usr/share/pear/Horde/Injector/Binder/Factory.php:111
> 7. Horde_Registry->listApps()
> /usr/share/pear/Horde/Core/Factory/Notification.php:27
> 8. Horde_Registry->hasPermission() /usr/share/pear/Horde/Registry.php:804
> 9. Horde_Registry->isAuthenticated() /usr/share/pear/Horde/Registry.php:1439
> 10. Horde_Core_Factory_Auth->create() /usr/share/pear/Horde/Registry.php:1901
> 11. Horde_Core_Factory_Auth->_create()
> /usr/share/pear/Horde/Core/Factory/Auth.php:61
> 12. Horde_Core_Factory_Ldap->create()
> /usr/share/pear/Horde/Core/Factory/Auth.php:177
> 13. Horde_Ldap->findUserDN() /usr/share/pear/Horde/Core/Factory/Ldap.php:79
>
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [imp] Load config file
> (conf.php; app: imp) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [imp] Load config file
> (prefs.php; app: horde) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [imp] Load config file
> (prefs.php; app: imp) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [imp] Load config file
> (backends.php; app: imp) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [gollem] Load config file
> (conf.php; app: gollem) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [gollem] Load config file
> (prefs.php; app: gollem) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [gollem] Load config file
> (backends.php; app: gollem) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Horde_Rpc::__construct
> complete [pid 24335 on line 96 of "/usr/share/pear/Horde/Rpc.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Backend of class
> Horde_SyncMl_Backend_Horde created [pid 24335 on line 38 of
> "/usr/share/pear/Horde/SyncMl/Backend/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] New session created:
> 68488bc4dedf64c51742b5d1433f1de9 [pid 24335 on line 364 of
> "/usr/share/pear/Horde/SyncMl/ContentHandler.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Checking
> authentication for user Guinea.Pig [pid 24335 on line 371 of
> "/usr/share/pear/Horde/SyncMl/ContentHandler.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Hook preauthenticate
> in application horde called. [pid 24335 on line 1829 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] SQL (0.0003s)
> SELECT lock_id, lock_owner, lock_scope, lock_principal,
> lock_origin_timestamp, lock_update_timestamp,
> lock_expiry_timestamp,
> lock_type FROM horde_locks WHERE lock_expiry_timestamp >=
> 1347535337
> AND lock_principal = 'login:guinea.pig' AND lock_scope =
> 'horde_auth'
> AND lock_type = 1 [pid 24335 on line 803 of
> "/usr/share/pear/Horde/Db/Adapter/Base.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] SQL (0.0003s)
> DELETE FROM horde_histories WHERE object_uid IN
> ('guinea.pig@logins.failed') [pid 24335 on line 803 of
> "/usr/share/pear/Horde/Db/Adapter/Base.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Load config file
> (prefs.php; app: horde) [pid 24335 on line 868 of
> "/usr/share/pear/Horde.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] SQL (0.0004s)
> SELECT pref_scope, pref_name, pref_value FROM horde_prefs WHERE
> pref_uid = 'guinea.pig' AND pref_scope = 'horde' [pid 24335
> on line 803 of "/usr/share/pear/Horde/Db/Adapter/Base.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] SQL (0.0008s)
> SHOW FIELDS FROM `horde_prefs` [pid 24335 on line 803 of
> "/usr/share/pear/Horde/Db/Adapter/Base.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] Authenticated: yes;
> version: 1.2; message ID: 1; source URI:
> fmz-L42piSo6yCHQCePbdZhTCA==; target URI:
> http://testwebmail.physik.uni-muenchen.de/horde/rpc.php; user:
> guinea.pig; charset: UTF-8; wbxml: no [pid 24335 on line 283 of
> "/usr/share/pear/Horde/SyncMl/ContentHandler.php"]
> 2012-09-13T13:22:17+02:00 DEBUG: HORDE [horde] SQL (0.0004s)
> SELECT syncml_clientanchor, syncml_serveranchor FROM
> horde_syncml_anchors WHERE syncml_syncpartner =
> 'fmz-L42piSo6yCHQCePbdZhTCA==' AND syncml_db = 'contacts' AND
> syncml_uid = 'guinea.pig' [pid 24335 on line 803 of
> "/usr/share/pear/Horde/Db/Adapter/Base.php"]
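
A triage check for the log sequence quoted above, added here as an example (not code from the ticket or from Horde): it lists SyncML sessions logged as `Authenticated: yes` by a worker pid that logged `DN for user not found` within the previous two seconds. It assumes one log entry per line (unwrapped); the two-second window and the reading of that co-occurrence as a reason for review are assumptions, and the sample entries are constructed.

```python
import re
from datetime import datetime, timedelta

# Horde log entry as in the ticket: timestamp, level, optional [app], message, pid trailer.
ENTRY = re.compile(r'^(?P<ts>\S+) (?P<level>[A-Z]+): HORDE (?:\[\w+\] )?(?P<msg>.*?)'
                   r' \[pid (?P<pid>\d+) on line \d+ of "(?P<file>[^"]+)"\]$')
AUTH = re.compile(r'^Authenticated: (?P<ok>yes|no);.*?source URI: (?P<src>[^;]+);'
                  r'.*?user: (?P<user>[^;]+);')
LDAP_MISS = "DN for user not found"
WINDOW = timedelta(seconds=2)  # assumption: one request logs within two seconds

def find_suspect_sessions(lines):
    """SyncML sessions accepted by a worker that had just logged an LDAP DN lookup failure."""
    last_miss = {}  # pid -> time of that worker's most recent LDAP error
    suspects = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        when = datetime.fromisoformat(m["ts"])
        a = AUTH.match(m["msg"])
        if m["level"] == "ERR" and m["msg"] == LDAP_MISS:
            last_miss[m["pid"]] = when
        elif a and a["ok"] == "yes" and m["file"].endswith("SyncMl/ContentHandler.php"):
            miss = last_miss.get(m["pid"])
            if miss is not None and timedelta(0) <= when - miss <= WINDOW:
                suspects.append((m["ts"], a["user"], a["src"]))
    return suspects

# Constructed sample in the ticket's log format; users, devices and host are made up.
def _miss(ts, pid):
    return f'{ts} ERR: HORDE DN for user not found [pid {pid} on line 873 of "/usr/share/pear/Horde/Ldap.php"]'

def _auth(ts, pid, ok, user, src):
    return (f"{ts} DEBUG: HORDE [horde] Authenticated: {ok}; version: 1.2; message ID: 1; "
            f"source URI: {src}; target URI: http://mail.example.org/horde/rpc.php; user: {user}; "
            f'charset: UTF-8; wbxml: no [pid {pid} on line 283 of "/usr/share/pear/Horde/SyncMl/ContentHandler.php"]')

SAMPLE = [
    _miss("2012-09-13T13:22:17+02:00", 24335),
    _auth("2012-09-13T13:22:17+02:00", 24335, "yes", "alice", "dev-A"),  # flagged
    _auth("2012-09-13T13:25:02+02:00", 24336, "yes", "bob", "dev-B"),    # no LDAP error
    _miss("2012-09-13T13:30:00+02:00", 24337),
    _auth("2012-09-13T13:30:01+02:00", 24337, "no", "carol", "dev-C"),   # rejected
    _auth("2012-09-13T13:40:00+02:00", 24335, "yes", "dave", "dev-D"),   # stale error, pid reused
]

if __name__ == "__main__":
    print(find_suspect_sessions(SAMPLE))
```

Each returned tuple is (timestamp, user, source URI), which gives the accounts and sync partners to review.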