Revive Adserver: Username normalization missing allows visually indistinguishable accounts (Whitespace-Based Impersonation)

Version: ==revive-adserver 6.0.2== Summary: Revive Adserver allows creation of usernames containing leading or trailing whitespace e.g. "admin" or " admin". The UI does not visibly differentiate such usernames from admin, producing visually identical accounts. This can be used to impersonate...

squid -- no sanity check of usernames in squid_ldap_auth

The LDAP authentication helper did not strip leading or trailing spaces from the login name. According to the squid patches page: LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access...