diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-11-05 16:16:46 +1300 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2014-03-11 19:33:49 +0100 |
| commit | 1313f96c66e7bd2c4695a94755a4ae77678084a8 (patch) | |
| tree | 46280df06b2704680cf9bf6103498951ab70c2fe /source3/pkgconfig | |
| parent | cb9fdd32f5818a992b899478a30d174d1559fb9f (diff) | |
| download | samba-1313f96c66e7bd2c4695a94755a4ae77678084a8.tar.gz | |
CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/pkgconfig')
0 files changed, 0 insertions, 0 deletions