18 matches found
CVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948
The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...
EUVD-2025-200976
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
Go Ldap Admin 安全漏洞
Go Ldap Admin is an openLDAP backend management project based on Go+Vue implementation organized by China opsre. A security vulnerability exists in Go Ldap Admin 20251011 and earlier versions, which originates from the use of hard-coded encryption keys by the JWT Handler component in the...
PT-2025-48812
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
Linux Distros Unpatched Vulnerability : CVE-2017-14623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this...
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e. a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
...
GO-2022-0887 Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap
Access Restriction Bypass in go-ldap in github.com/go-ldap/ldap...
SUSE CVE-2017-14623
In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: 1 it relies only on the return error of the Bind function call to determine whether a user is...
GHSA-X27W-QXHG-343V Access Restriction Bypass in go-ldap
In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: 1 it relies only on the return error of the Bind function call to determine whether a user is...
Access Restriction Bypass in go-ldap
In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: 1 it relies only on the return error of the Bind function call to determine whether a user is...
CVE-2017-14623
In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: 1 it relies only on the return error of the Bind function call to determine whether a user is...
go-ldap ldap trust management vulnerability
go-ldap ldap is a GO language based LDAP server. A trust management vulnerability exists in go-ldap ldap version 2.5.0 and earlier. A remote attacker can exploit this vulnerability by logging into the server with the help of a null password...
CVE-2017-14623
In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: 1 it relies only on the return error of the Bind function call to determine whether a user is...
CVE-2017-14623
CVE-2017-14623 affects the ldap.v2 (go-ldap) package for Go up to v2.5.0. The issue arises when an application relies on the Bind error return to authorize users and uses an LDAP server that permits unauthenticated binds; this can allow an attacker to login with an empty password, bypassing acces...