← Zuruck zu CVEs

CVE-2018-12421

N/A

Beschreibung

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht6/14/2018

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

ltb-project:ldap_tool_box_self_service_password

Schwachen (CWE)

CWE-640

Referenzen

https://github.com/ltb-project/self-service-password/issues/209(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/211(cve@mitre.org)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(cve@mitre.org)

https://github.com/ltb-project/self-service-password/issues/209(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/ltb-project/self-service-password/issues/211(af854a3a-2127-422b-91ae-364da2661108)

https://lists.ltb-project.org/pipermail/ltb-announce/2018-June/000023.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.