CVE-2012-6426
NONE EPSS 72.1%
Published Jan 1, 2013 13y ago
Last Modified Jun 16, 2026 2w ago
Description
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
Threat Intelligence
EPSS Exploit Probability
72.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 26
| Vendor | Product | Version | Range |
|---|---|---|---|
| lemonldap-ng | lemonldap\ | \ | any |
| lemonldap-ng | lemonldap\ | \ | ≤1.2.2 |
References 3
- jira.ow2.org http://jira.ow2.org/browse/LEMONLDAP-570
- openwall.com http://openwall.com/lists/oss-security/2012/12/19/6
- openwall.com http://openwall.com/lists/oss-security/2012/12/20/6
Remediation
- jira.ow2.org http://jira.ow2.org/browse/LEMONLDAP-570