Date: Fri, 18 Sep 2015 10:58:56 +1000
From: David Black <>
Subject: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection.

ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection
through the username parameter. This issue was reported at and was fixed in
. ldapauth-fork version 2.3.3 includes the fix.

Can a CVE be assigned for this issue?

Note: the node-ldapauth project found at, which node-ldapauth-fork was
forked from, is still vulnerable to this issue. I notified the owner
of the node-ldapauth repository but have not heard back.

David Black / Security Engineer.
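
Added example (not part of the original message and not ldapauth-fork's own code): a sketch of how a username substituted into an LDAP search filter changes the filter's structure unless it is escaped per RFC 4515. The filter template, function names and sample usernames are assumptions constructed for illustration.

```javascript
// Assumed filter template; the real template is whatever the application configures.
const SEARCH_FILTER = '(uid={{username}})';

// RFC 4515 section 3: NUL, '(', ')', '*' and '\' in an assertion value
// must be written as a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// "Before" form: the raw username becomes part of the filter syntax.
// A function replacement is used so '$' sequences are not interpreted.
function buildFilterUnsafe(username) {
  return SEARCH_FILTER.replace(/\{\{username\}\}/g, () => username);
}

// Hardened form: the username can only ever be an assertion value.
function buildFilterSafe(username) {
  const escaped = escapeFilterValue(username);
  return SEARCH_FILTER.replace(/\{\{username\}\}/g, () => escaped);
}

// Structural check usable in tests: a single-assertion filter has exactly
// one '(' and one ')' and, for an equality match, no literal '*'.
function filterShape(filter) {
  const count = (ch) => filter.split(ch).length - 1;
  return { open: count('('), close: count(')'), wildcard: count('*') };
}

// Constructed sample usernames: one ordinary, two containing metacharacters.
const SAMPLES = ['jdoe', 'j*', 'o(ps)\\'];

for (const name of SAMPLES) {
  const unsafe = buildFilterUnsafe(name);
  const safe = buildFilterSafe(name);
  console.log(JSON.stringify(name));
  console.log('  unsafe:', unsafe, filterShape(unsafe));
  console.log('  safe:  ', safe, filterShape(safe));
}
```

Asserting on `filterShape` in a unit test catches a regression where a code path builds the filter without escaping.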
