X.509 Certificate Validation Issue in LemonLDAP::NG by OW2
CVE-2020-16093

7.5HIGH

Key Information:

Vendor: Lemonldap-ng
Status: Lemonldap\
Vendor: CVE Published:; 18 July 2022

🔔 Create Lemonldap-ng Vulnerability Alert

What is CVE-2020-16093?

In versions of LemonLDAP::NG up to 2.0.8, an important security concern exists where the validity of X.509 certificates is not verified by default during connections to remote LDAP backends. This oversight arises from the use of default settings in the Perl Net::LDAPS module, posing potential risks for systems relying on secure LDAP communications. Administrators are encouraged to reconfigure their setups to enforce certificate validation and mitigate associated security threats.

References

https://lemonldap-ng.org/download

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues...

https://lists.debian.org/debian-lts-announce/2023/01/msg0...

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Jul 28, 2020

CVE-2020-16093 Data

JSON