[Xerte] Xerte LDAP Security Issue

John Pettifor jpettifor at youngepilepsy.org.uk
Wed Apr 17 09:28:20 BST 2013

We have a local Xerte Site installation with LDAP authentication. Yesterday one of our users reported an error as below:

Issue connecting to ldap server (#2) : Binding. YYYYYYY at ncype.org.uk : :XXXXXXXX:
Y = Administrative User name used to sweep the Active Directory
X = Password for the above account

Both of these were obviously displayed in plain text. The user who viewed the account was a regular domain user.

Was this something we have done in error?

John Pettifor
Media/ILT Technician & STTCT Project Coordinator
Young Epilepsy, St Piers Lane, Lingfield, Surrey RH7 6PW
T 01342 832243 (Ext. 438) M 07807916858  E: jpettifor at youngepilepsy.org.uk Skype: PettiforJohn

Young Epilepsy Helpline 01342 831342 or helpline at youngepilepsy.org.uk


Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. www.youngepilepsy.org.uk  
Registered Charity No. 311877
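
The failure mode reported above, shown beside a hardened form. This is an added example, not part of the original message and not Xerte's own code; the function names, config values and user-facing wording are hypothetical, and only the shape of the unsafe message is taken from the error quoted in the message.

```php
<?php
// Constructed placeholder values; not taken from any real deployment.
$config = [
    'host'     => 'ldap://dc.example.test',
    'bind_dn'  => 'svc-sweep@example.test',
    'bind_pwd' => 'CONSTRUCTED-PLACEHOLDER',
];

// Assumed unsafe pattern: bind account and password are interpolated into
// text that is sent to whoever triggered the failure.
function unsafe_bind_error(array $config, int $code): string
{
    return "Issue connecting to ldap server (#{$code}) : Binding. "
         . "{$config['bind_dn']} : :{$config['bind_pwd']}:";
}

// Hardened pattern: diagnostics go to the server log under a random
// reference, the password is written nowhere, and the user sees only
// a generic message carrying that reference.
function safe_bind_error(array $config, int $code, string $detail): string
{
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[ldap %s] bind failed code=%d (%s) host=%s bind_dn=%s',
        $ref, $code, $detail, $config['host'], $config['bind_dn']));
    return "Sign-in is temporarily unavailable. Please contact your administrator (ref {$ref}).";
}

// Where the hardened handler sits around the real bind (needs the php-ldap
// extension and a reachable server, so the offline demo does not call it).
function ldap_service_bind(array $config)
{
    $conn = ldap_connect($config['host']);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Warning suppressed because the failure is handled explicitly here.
    if (!@ldap_bind($conn, $config['bind_dn'], $config['bind_pwd'])) {
        echo htmlspecialchars(safe_bind_error($config, ldap_errno($conn), ldap_error($conn)));
        return false;
    }
    return $conn;
}

// Offline demo with a constructed failure: does the secret reach the page?
$unsafe = unsafe_bind_error($config, 2);
$safe   = safe_bind_error($config, 2, 'constructed failure');
echo 'unsafe message leaks password: ', var_export(strpos($unsafe, $config['bind_pwd']) !== false, true), PHP_EOL;
echo 'safe message leaks password:   ', var_export(strpos($safe, $config['bind_pwd']) !== false, true), PHP_EOL;
echo 'safe message leaks bind DN:    ', var_export(strpos($safe, $config['bind_dn']) !== false, true), PHP_EOL;
```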

