Versions 2.3.2 and earlier of
ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter.
ldapauth-fork version 2.3.3 or later.
Have content suggestions? Send them to [email protected]
reportedInitial report by Jerome Touffe-BlinOct 17th, 2015
publishedAdvisory publishedSep 18th, 2015