CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap: Lemonldap-NG-Handler vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2021-07-30T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2021-07-30T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 8.8 | Severity | High |
Original language | Language | en | |
Also referred to |
Vulnerability Description
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
Vulnerabilities
CVE-2021-35472
Vulnerability DescriptionAn issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
Weakness | CWE-307 : Improper Restriction of Excessive Authentication Attempts |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Lemonldap-NG-Handler |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Lemonldap-NG-Handler-2021-35472-lemonldap JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2021/cpansa-lemonldap-ng-handler-2021-35472-lemonldap.json - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 external
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags external
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags - https://www.debian.org/security/2021/dsa-4943 external
https://www.debian.org/security/2021/dsa-4943 - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5 external
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5 - https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog external
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/master/changelog - CVE-2021-35472 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2021-35472
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Fri Jul 30 00:00:00 2021 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/