An issue exists in LemonLDAP::NG prior to 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lemonldap-ng lemonldap\\ \\ |
||
debian debian linux 10.0 |