CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 - TLS Handshake fails with "Unknown CA"

After upgrading ADM to latest build 13.0-71.40 External Authentication fails when LDAP Server is configured using Security type SSL and TLS. When retrieving Attributes on LDAP Server config from ADM GUI throw this error :: "LDAP IP Address or Port Number provided is invalid." Network trace shows...

squid -- no sanity check of usernames in squid_ldap_auth

The LDAP authentication helper did not strip leading or trailing spaces from the login name. According to the squid patches page: LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access...