I played with a Lion client bound to OpenLDAP running on a Linux server. I could login with my username and any password (empty or not). I used a packet sniffer and it appeared to me, that the Lion client is not even…
Agreed that few are relying on Lion servers. But the security flaw is at the side of the Mac client, not the server. If you have Lion clients authenticating against OpenLDAD hosted on, say, a Linux server, then only the…
I played with a Lion client bound to OpenLDAP running on a Linux server. I could login with my username and any password (empty or not). I used a packet sniffer and it appeared to me, that the Lion client is not even…
Agreed that few are relying on Lion servers. But the security flaw is at the side of the Mac client, not the server. If you have Lion clients authenticating against OpenLDAD hosted on, say, a Linux server, then only the…