[Full-disclosure] LDAP username special char Problem
Jellbauer Jakob
Jakob.Jellbauer at interhyp.de
Thu Mar 17 18:37:45 GMT 2005
Hi,
today i followed this scenario:
a user tried to connect to Windows 2000 ActiveDirectory trough LDAP, and misspelled the loginname like :
usérname or usêrname (with special char like ` or ^ or ´ )
and is succesfully connected !
is this a known "feature" or problem ?
i reproduced it with php ldap functions and with Softerra LDAP Browser
greetings
jakob
Jakob Jellbauer
Junior Network & Systemadministrator
Interhyp AG
Parkstadt Schwabing
Marcel-Breuer-Straße 18
80807 München
fon: +49 (89) 76 77 21 47
fax: +49 (89) 76 77 251 47
mailto:jakob.jellbauer at interhyp.de
http://www.interhyp.de
Full-Disclosure is hosted and sponsored by Secunia.