CVE-2012-6426

CVE-2012-6426

EPSS 1.6%

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://jira.ow2.org/browse/LEMONLDAP-570 http://openwall.com/lists/oss-security/2012/12/19/6 http://openwall.com/lists/oss-security/2012/12/20/6