exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2023-28862

почти 3 года назад

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.

CVSS3: 9.8

EPSS: Низкий

CVE-2023-28862

почти 3 года назад

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.

CVSS3: 9.8

EPSS: Низкий

CVE-2023-28862

почти 3 года назад

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...

CVSS3: 9.8

EPSS: Низкий

GHSA-r74q-xwhp-q6r9

почти 3 года назад

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-28862 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.	CVSS3: 9.8	0% Низкий	почти 3 года назад
CVE-2023-28862 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.	CVSS3: 9.8	0% Низкий	почти 3 года назад
CVE-2023-28862 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...	CVSS3: 9.8	0% Низкий	почти 3 года назад
GHSA-r74q-xwhp-q6r9 An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.	CVSS3: 9.8	0% Низкий	почти 3 года назад

Уязвимостей на страницу