Published: 30/07/2021 Updated: 11/08/2021

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

An issue exists in LemonLDAP::NG prior to 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lemonldap-ng lemonldap\\ \\
debian debian linux 10.0

Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a sec ...

CWE-307 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags https://www.debian.org/security/2021/dsa-4943 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4943

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-35472

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect