JMapMyLDAP

Insufficient Access when changing password with injection enabled

Open frogydiak opened this issue 9 years ago • 1 comments

On /libraries/ldap/ldap.php line 1098, the ldap_mod_replace() method is called to replace the password. I think at this stage it is binding using the user's credentials and should be bound with the proxy user.

Please check the details here: http://forum.joomla.org/viewtopic.php?f=706&t=896103

frogydiak, Oct 13 '15 23:10

I ran into the same problem. I'm using Active Directory, and that seems to require both the old password and the new password. The plugin code only passes the new, so I was getting a failure. To get it to work, I changed line #697 of libraries/shmanic/user/adapters/ldap.php to look like this:

```php
$this->client->replacePasswordAttribute($this->_dn, array($key => $password, 'oldpwd' => $old));
```

I then added this method, replacePasswordAttribute(), to libraries/shmanic/ldap/ldap.php. This assumes your password attribute is named unicodePwd and you are using MS ActiveDirectory.

```php
public function replacePasswordAttribute($dn, $attributes)
{
    $this->operationAllowed();

    // Old password: wrapped in double quotes and converted to UTF-16LE.
    $oldpw = mb_convert_encoding('"' . $attributes['oldpwd'] . '"', 'UTF-16LE', 'UTF-8');
    // New password: used exactly as passed in by the caller.
    $newpw = $attributes['unicodePwd'];

    // One batch request: remove the old value, then add the new one.
    $attributes = [
        [
            "attrib"  => "unicodePwd",
            "modtype" => LDAP_MODIFY_BATCH_REMOVE,
            "values"  => [$oldpw],
        ],
        [
            "attrib"  => "unicodePwd",
            "modtype" => LDAP_MODIFY_BATCH_ADD,
            "values"  => [$newpw],
        ]
    ];

    $result = @ldap_modify_batch($this->resource, $dn, $attributes);

    if ($result === false) {
        throw new SHLdapException($this->getErrorCode(), 10151, JText::_('LIB_SHLDAP_ERR_10151'));
    }

    return $result;
}
```

Now I can update passwords from the profile page.

PhillyWebGuy, Nov 14 '18 18:11
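The two approaches raised in this thread, side by side, as an added example that is not JMapMyLDAP code and not from either commenter: a self-service change (remove old value, add new value, sent on the user's own bind) and an administrative reset (a single replace, sent on a connection bound as a proxy account that holds the Reset Password right). The function names are hypothetical, the sample passwords are constructed, and the example assumes the `ldap` and `mbstring` extensions and encodes both values itself.

```php
<?php
// Added example; all function names here are hypothetical.

/** AD expects unicodePwd as the password in double quotes, UTF-16LE encoded. */
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

/** Self-service change: remove the old value and add the new one in one request. */
function buildChangeMods(string $old, string $new): array
{
    return [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [encodeUnicodePwd($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [encodeUnicodePwd($new)]],
    ];
}

/** Administrative reset: one replace, for a connection bound as the proxy account. */
function buildResetMods(string $new): array
{
    return [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REPLACE,
         'values' => [encodeUnicodePwd($new)]],
    ];
}

/** $conn must already be bound over LDAPS or StartTLS; AD rejects unicodePwd writes otherwise. */
function applyPasswordMods($conn, string $dn, array $mods): void
{
    if (!ldap_modify_batch($conn, $dn, $mods)) {
        // Surface the directory's error text; never log the password values.
        throw new RuntimeException('unicodePwd update failed: ' . ldap_error($conn));
    }
}

// Constructed sample values, printed only to show the shape of each modification.
foreach (buildChangeMods('Old-Sample-1', 'New-Sample-2') as $m) {
    printf("modtype=%d length=%d prefix=%s\n",
        $m['modtype'], strlen($m['values'][0]), substr(bin2hex($m['values'][0]), 0, 8));
}
```

Each encoded value starts with the bytes `2200` (the opening quote in UTF-16LE) and is twice the quoted string's character count in length, which is a quick check that the encoding step ran before the request is sent.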