3 matches found
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB Self Service Password prior to 1.3 has a vulnerability: a crafted POST can change a user’s password without the old one because ldap_bind return value handling and PHP typing are mishandled. Affected product: LTB Self Service Password. CVSS3 base score 9.8 (CRITICAL) with impact to confidenti...