CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
lemonldap-nglemonldap\
𝑥
≤ 1.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lemonldap-ng
bullseye
2.0.11+ds-4+deb11u5
fixed
squeeze
not-affected
bookworm
2.16.1+ds-deb12u2
fixed
sid
2.20.0+ds-2
fixed
trixie
2.20.0+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lemonldap-ng
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://jira.ow2.org/browse/LEMONLDAP-570
http://openwall.com/lists/oss-security/2012/12/19/6
http://openwall.com/lists/oss-security/2012/12/20/6
http://jira.ow2.org/browse/LEMONLDAP-570
http://openwall.com/lists/oss-security/2012/12/19/6
http://openwall.com/lists/oss-security/2012/12/20/6