Posted on 03-30-2020 01:25 PM
I have a question for the community in regard to a security issue we discovered. Our Jamf cloud instance is AD/LDAP integrated (onPrem), and when the failover link is used to sign on to the cloud console, our LDAP registers authentication attempts. The security issue is that the ?failover link will attempt to authenticate ANY user in our AD. The result of this is that a malicious actor on the internet could potentially lock out any user account in our corporate AD if they have a valid user account. This opens up a whole can of worms: attempts to guess user passwords, purposely locking out user accounts (i.e. CEO, CIO), among other things.
Has anyone come across this? Is anyone willing to try an account on their instance to see if it's the same for their AD/LDAP server with the failover link? If this is NOT happening to you, what are we doing wrong? Is there a configuration we missed? Or is this behavior I'm describing something you actually need to have happen over the failover link where it authenticates any AD account?
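The risk described above (an internet-reachable login page forwarding every attempt to AD, so one source can fail many different accounts and drive them to the lockout threshold) is something the LDAP or Jamf login logs can be watched for. The following is an added detection example, not Jamf code and not the original poster's; the log line format, the IP addresses, the usernames and the thresholds are all constructed for illustration and would be replaced by the real log format and the domain's actual lockout policy.

```python
"""Flag lockout-style abuse of a login endpoint that proxies credentials to AD/LDAP.

Added example; the log format below is constructed (not Jamf's), as are the
sample addresses and accounts.  Two signals are computed:
  1. sources that fail logins against many distinct accounts in a short window
     (password spraying / deliberate lockout of many users), and
  2. accounts whose failure count in a window reaches the AD lockout threshold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <source ip> <username> <SUCCESS|FAILURE>"
SAMPLE_LOG = """\
2020-03-30T13:00:01 203.0.113.7 jdoe FAILURE
2020-03-30T13:00:02 203.0.113.7 ceo FAILURE
2020-03-30T13:00:03 203.0.113.7 cio FAILURE
2020-03-30T13:00:04 203.0.113.7 jsmith FAILURE
2020-03-30T13:00:05 203.0.113.7 ceo FAILURE
2020-03-30T13:00:06 203.0.113.7 ceo FAILURE
2020-03-30T13:00:07 203.0.113.7 ceo FAILURE
2020-03-30T13:00:08 203.0.113.7 ceo FAILURE
2020-03-30T13:05:00 198.51.100.9 mgarcia FAILURE
2020-03-30T13:05:20 198.51.100.9 mgarcia SUCCESS
"""


def parse_events(text):
    """Parse the constructed format into (timestamp, source_ip, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        # AD usernames are case-insensitive, so normalise before counting.
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "SUCCESS"))
    return events


def _windowed_max(items, window, key_fn):
    """Sliding window over (timestamp, value) pairs sorted by time; returns the
    largest value of key_fn(window_values) seen in any window of length `window`."""
    items.sort()
    best, start = 0, 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        best = max(best, key_fn([v for _, v in items[start:end + 1]]))
    return best


def find_spraying_sources(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {source_ip: distinct_failed_accounts} for sources whose failures
    within `window` touch at least `min_accounts` different users."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        distinct = _windowed_max(fails, window, lambda users: len(set(users)))
        if distinct >= min_accounts:
            flagged[ip] = distinct
    return flagged


def accounts_near_lockout(events, threshold=5, window=timedelta(minutes=30)):
    """Return {user: failures} for accounts whose failed attempts within `window`
    reach `threshold` (set this to the domain's lockout threshold)."""
    by_user = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_user[user].append((ts, ip))
    flagged = {}
    for user, fails in by_user.items():
        count = _windowed_max(fails, window, len)
        if count >= threshold:
            flagged[user] = count
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("spraying sources:", find_spraying_sources(evs))
    print("accounts at lockout threshold:", accounts_near_lockout(evs))
```

On the constructed sample, 203.0.113.7 is flagged for failing four distinct accounts inside ten minutes, and the `ceo` account is flagged for reaching five failures. Either signal is a reason to look at whether the failover login path should be reachable from the internet at all, and to alert before the domain controller locks the account rather than after.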