Kipper · CVE-2026-24130
**Name of the Vulnerable Software and Affected Versions**
Moonraker versions 0.9.3 and below
**Description**
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. When the `ldap` component is enabled, instances are vulnerable to LDAP search filter injection via the `login` endpoint: the login name is placed into the LDAP search filter without escaping filter metacharacters. Because a search that matches nothing produces a 401 error response, an attacker can use that response as an oracle to confirm whether a crafted filter matched, enabling brute-force enumeration of LDAP entries, including user IDs and attributes. The `login` endpoint is the point of exploitation; the `ldap` component is the vulnerable component.
**Recommendations**
Upgrade to Moonraker version 0.10.0.
As a temporary workaround, set the `max_login_attempts` option in the `[authorization]` section of `moonraker.conf` to a reasonable value, so that repeated failed logins lock the account and limit the number of oracle queries an attacker can make.
As a more secure workaround, remove the `ldap` section from `moonraker.conf` and rely on the built-in user authentication.
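To make the description and the first workaround concrete, here is an added example that is not Moonraker's code. It shows the unescaped filter construction this bug class comes from beside a form that escapes the login name per RFC 4515, a helper that flags login values carrying filter metacharacters (useful for detection in request logs), and a minimal failed-login counter in the spirit of the `max_login_attempts` workaround. The function and class names, the `(uid=...)` filter template and the sample login names are all assumptions made for the example.

```python
# Added example, not Moonraker's code. Names below are hypothetical and the
# filter template "(uid=<name>)" is an assumption for illustration.

# RFC 4515 section 3: these characters must be escaped as \XX when they
# appear inside a filter assertion value, otherwise they change the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an untrusted string so the LDAP server treats it as a literal value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The pattern behind the advisory: the login name is interpolated verbatim,
    so a wildcard or parenthesis in it rewrites the search filter."""
    return f"(uid={username})"


def build_filter_safe(username: str) -> str:
    """Hardened form: metacharacters in the login name cannot alter the filter."""
    return f"(uid={escape_filter_value(username)})"


def contains_filter_metachars(value: str) -> bool:
    """Detection helper: True if a submitted login name carries filter
    metacharacters, which a legitimate user id should never need."""
    return any(ch in value for ch in _FILTER_ESCAPES)


class FailedLoginLimiter:
    """In-memory counter modelling a max-login-attempts lockout: after
    max_attempts consecutive failures a login name is locked until reset."""

    def __init__(self, max_attempts: int) -> None:
        self.max_attempts = max_attempts
        self._failures: dict[str, int] = {}

    def record_failure(self, username: str) -> bool:
        """Record one failed attempt; return True once the name is locked."""
        self._failures[username] = self._failures.get(username, 0) + 1
        return self.is_locked(username)

    def record_success(self, username: str) -> None:
        """A successful login clears the failure count."""
        self._failures.pop(username, None)

    def is_locked(self, username: str) -> bool:
        return self._failures.get(username, 0) >= self.max_attempts


if __name__ == "__main__":
    # Constructed sample login names: a normal id and one carrying a wildcard.
    for name in ["alice", "a*"]:
        print(f"{name!r}: unsafe={build_filter_unsafe(name)} "
              f"safe={build_filter_safe(name)} "
              f"suspicious={contains_filter_metachars(name)}")

    limiter = FailedLoginLimiter(max_attempts=3)
    for attempt in range(3):
        print("locked after failure", attempt + 1, "->", limiter.record_failure("a*"))
```

The escaped form is what a fixed login handler should send to the directory; the detection helper can be run over the login names seen in access logs to spot probing for this weakness, and the limiter shows why a low `max_login_attempts` value blunts the 401 oracle even before the code is patched.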