gosa is vulnerable to authentication bypass. An attacker is able to authenticate as any user using a username containing the case-insensitive substring success
with an arbitrary password.
CPE | Name | Operator | Version |
---|---|---|---|
gosa:xenial | eq | 2.7.4+reloaded2-9ubuntu1 | |
gosa:xenial | eq | 2.7.4+reloaded2-9ubuntu1 |