Authentication flaw

2019-09-0921:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.

CPENameOperatorVersion
limesurveylt3.17.14

CPE	Name	Operator	Version
	limesurvey	lt	3.17.14

References

github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e

www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released