LDAP Injection Vulnerability in Apache Karaf

LDAP Injection Vulnerability in Apache Karaf

CVE-2016-8750 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

Learn more about our User Device Pen Test.