157 matches found
PT-2025-32380 · Openbao · Openbao
Name of the Vulnerable Software and Affected Versions: OpenBao versions 0.1.0 through 2.3.1 Description: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP authentication systems. This was caused by different aliasing between pre-flight and full login...
The vulnerability of the user blocking mechanism of the Vault Enterprise and Vault Community Edition corporate information archiving platforms allows attackers to circumvent existing security restrictions.
The vulnerability of the user blocking mechanism in the Vault Enterprise and Vault Community Edition corporate information archiving platforms is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to circumvent existing security...
Improper Neutralization
Overview github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Neutralization in the ldap authentication method when usernameasalias is enabled and a user has multiple CNs that are equal except for leading ...
Improper Handling of Case Sensitivity
Overview github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the pathLoginAliasLookahead implementation. An attacker can gain unauthorized access and bypass authentication...
Vulnerability of the Server component: Security: LDAP Auth of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server component’s Security: LDAP Auth module of the MySQL Server database management system is related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause service interruptions...
CVE-2023-28623
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
CVE-2021-21484
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind...
CVE-2013-0966
The Apple modhfsapple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI...
CVE-2013-7292
VASCO IDENTIKEY Authentication Server IAS 3.4.x allows remote authenticated users to bypass Active Directory AD authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set bsc1239308 CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...
PT-2025-5362 · Jetbrains · Jetbrains Hub
Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2024.3.55417 Description: The issue allows for privilege escalation through LDAP authentication mapping. Recommendations: For versions prior to 2024.3.55417, update to version 2024.3.55417 or later to resolve t...
JetBrains Hub 安全漏洞
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. JetBrains Hub suffers from an elevation of privilege vulnerability that originates from an elevation of privilege via LDAP authentication mappin...
Race Condition
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Race Condition during the LDAP authentication process. An attacker can hijack another user's session by initiating multiple simultaneous login attempts. Remediation Upgrade pgadmin4 to version 7.0 or highe...
CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
pgAdmin 安全漏洞
pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin that stems from the fact that a user logged into pgAdmin running in server mode using LDAP authentication may attach to another...
SUSE CVE-2023-1907
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2024-11320
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through =777.4...
CVE-2024-10127
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...
CVE-2024-8777
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...
PT-2024-39243 · Syscom · Omflow
Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group affected versions not specified Description: The issue allows unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...