X.509 Certificate Validation Issue in LemonLDAP::NG by OW2
CVE-2020-16093

7.5HIGH

Key Information:

Vendor

Lemonldap-ng

Status
Lemonldap\
Vendor
CVE Published:
18 July 2022

What is CVE-2020-16093?

In versions of LemonLDAP::NG up to 2.0.8, an important security concern exists where the validity of X.509 certificates is not verified by default during connections to remote LDAP backends. This oversight arises from the use of default settings in the Perl Net::LDAPS module, posing potential risks for systems relying on secure LDAP communications. Administrators are encouraged to reconfigure their setups to enforce certificate validation and mitigate associated security threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://lemonldap-ng.org/download
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues...
https://lists.debian.org/debian-lts-announce/2023/01/msg0...
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.