45 matches found
UBUNTU-CVE-2017-8028
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...
CVE-2017-8028
In CVE-2017-8028, Pivotal Spring-LDAP (versions 1.3.0–2.3.1) may authenticate with an arbitrary password when the username is correct if using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy and certain LDAP servers, due to LDAP bind not taking effect without an explicit op...
CVE-2017-8028
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...
Debian DLA-1180-1 : libspring-ldap-java security update
Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the authentication strategy and setting...
CVE-2017-8028
A vulnerability was found in spring-ldap that allows an attacker to authenticate with an arbitrary password. When spring-ldap connected to some LDAP servers, when no additional attributes are bound, when using LDAP BindAuthenticator with...