CVE-2024-45160

Published: Oct 9, 2024

Modified: Oct 9, 2024

PUBLISHED

Description

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-45160

Description

Affected Products

References