6 matches found
CVE-2019-15488
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...
CVE-2024-12510 LDAP Authentication Server Pass-back attack
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...
Cross-site Scripting in Ignite Realtime Openfire
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...
CVE-2019-15488
CVE-2019-15488 affects Ignite Realtime Openfire before 4.4.1, where the LDAP setup test endpoint processes input in a way that allows a reflected XSS payload. The issue is described as a reflected XSS via the LDAP setup test in multiple sources (Openfire, Red Hat advisory, OSV, etc.). No explicit...
pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup
pam_ldap/nss_ldap fail to re-start TLS when following referred connections. This can result in credentials being sent in clear text when pam_ldap/nss_ldap attempt to rebind. This affects any LDAP infrastructure which can generate referrals during NSS or PAM operations, generally a master+slave LDAP...