Описание
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fusiondirectory | fixed | 1.2.3-5 | package | |
| fusiondirectory | fixed | 1.2.3-4+deb10u1 | buster | package |
| fusiondirectory | fixed | 1.0.19-1+deb9u1 | stretch | package |
| gosa | fixed | 2.7.4+reloaded3-9 | package | |
| gosa | fixed | 2.7.4+reloaded3-8+deb10u1 | buster | package |
| gosa | fixed | 2.7.4+reloaded2-13+deb9u2 | stretch | package |
Связанные уязвимости
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.