CVE-2024-45160

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).
Configurations

No configuration.

History

09 Oct 2024, 21:35

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
Summary
  • (es) La validación de credenciales incorrecta en LemonLDAP::NG 2.18.x y 2.19.x anterior a 2.19.2 permite a los atacantes eludir la autenticación del cliente OAuth2 a través de un parámetro client_password vacío (secreto del cliente).

09 Oct 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 05:15

Updated : 2024-10-10 12:51


NVD link : CVE-2024-45160

Mitre link : CVE-2024-45160

CVE.ORG link : CVE-2024-45160


JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization