Vulnerability in Lemonldap-ng Lemonldap\
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
EPSS: 0.016 (72.0th percentile) — read the EPSS interpretation.
Affected products
- Lemonldap-ng Lemonldap\ — versions \
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (mailing-list, x_refsource_MLIST)