LemonLDAP::NG prior to 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote malicious users to bypass intended access-control restrictions via crafted SAML data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lemonldap-ng lemonldap\\ \\ |