Bypassing Access-Control Restrictions in LemonLDAP::NG before 1.2.3 via Crafted SAML Data

Bypassing Access-Control Restrictions in LemonLDAP::NG before 1.2.3 via Crafted SAML Data

CVE-2012-6426 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Learn more about our Web Application Penetration Testing UK.