📦 Lemonldap

by Lemonldap Ng

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2019-19791

CRITICAL CVSS 9.8 May 29, 2023

This vulnerability in LemonLDAP::NG allows attackers to bypass authentication by manipulating URLs to access SOAP/REST endpoints that should be restricted. It affects systems using default Apache HTTP...

CVE-2023-28862

CRITICAL CVSS 9.8 Mar 31, 2023

This vulnerability in LemonLDAP::NG allows attackers to bypass two-factor authentication (2FA) by exploiting weak session ID generation in the AuthBasic handler and incorrect failure handling during p...

CVE-2021-40874

CRITICAL CVSS 9.8 Jul 18, 2022

This vulnerability allows authentication bypass in LemonLDAP::NG when using the RESTServer plugin with Kerberos authentication combined with another method via the Combination plugin. Any password wil...

CVE-2020-24660

CRITICAL CVSS 9.8 Sep 14, 2020

This vulnerability allows attackers to bypass URL-based access controls in LemonLDAP::NG when used with NGINX by submitting non-normalized URIs. It affects LemonLDAP::NG through version 2.0.8 and the ...

CVE-2020-16093

HIGH CVSS 7.5 Jul 18, 2022

LemonLDAP::NG versions through 2.0.8 do not validate X.509 certificates when connecting to LDAP backends by default, allowing man-in-the-middle attacks. This affects all deployments using LDAPS connec...