CVE-2012-6426

NONE EPSS 72.1%
Published Jan 1, 2013 (13y ago) · Modified Jun 16, 2026 (2w ago)

Description

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Threat Intelligence

EPSS Exploit Probability: 72.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-264

Affected Products 26

Vendor        Product      Version Range
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  ≤1.2.2
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any
lemonldap-ng  lemonldap\\  any

References 3

  • jira.ow2.org http://jira.ow2.org/browse/LEMONLDAP-570
    Patch
  • openwall.com http://openwall.com/lists/oss-security/2012/12/19/6
  • openwall.com http://openwall.com/lists/oss-security/2012/12/20/6

Remediation

  • jira.ow2.org http://jira.ow2.org/browse/LEMONLDAP-570
    Patch