PT-2019-12173 · Gonicus+1 · Gosa+1

Published: 2019-08-10 · Updated: 2020-10-28 · CVE-2019-11187

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GONICUS GOsa through 2019-04-11

Description: The issue allows an attacker to bypass access controls by logging into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. This is due to an incorrect access control in the LDAP class.

Recommendations: For GONICUS GOsa through 2019-04-11, update to a version released after 2019-04-11 to resolve the issue. As a temporary workaround, consider restricting access to the LDAP class to minimize the risk of exploitation. Avoid using usernames containing the substring "success" in the affected system until the issue is resolved.
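The following Python model, added here as an illustration and not GOsa's own code, shows the bug class the description names: a login check that decides "authenticated" by searching a status message for the substring "success", where that message also echoes the caller-supplied username. The fake bind, the directory contents and the message formats are constructed assumptions; the hardened variant relies only on the bind result, and the audit helper implements the advisory's interim advice of finding account names that contain the substring.

```python
"""Model of the authentication-bypass class described for CVE-2019-11187.

Hypothetical illustration: the bind and status handling below is a
simplified stand-in, not the GOsa LDAP class. It reproduces the described
failure mode (a login check that looks for "success" in a status message
that also contains the username) beside a hardened check.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample directory (username -> password). Not real data.
DIRECTORY = {"alice": "correct horse", "successor.jones": "hunter2"}


@dataclass
class BindResult:
    ok: bool          # authoritative outcome of the bind
    message: str      # human-readable status that echoes the DN tried


def fake_ldap_bind(username: str, password: str) -> BindResult:
    """Stand-in for an LDAP simple bind (assumption: not a real client).

    The status text embeds the DN, so user-controlled input ends up inside
    the very string a careless caller might inspect.
    """
    dn = f"uid={username},ou=people,dc=example,dc=org"
    if DIRECTORY.get(username) == password:
        return BindResult(True, f"Success: bound as {dn}")
    return BindResult(False, f"Invalid credentials while binding {dn}")


def vulnerable_login(username: str, password: str) -> bool:
    """Flawed pattern: success inferred from the status text.

    Any username containing "success" (case-insensitively) satisfies the
    check regardless of whether the bind actually succeeded.
    """
    result = fake_ldap_bind(username, password)
    return "success" in result.message.lower()


def hardened_login(username: str, password: str) -> bool:
    """Fix: trust only the bind's result flag, never its prose."""
    return fake_ldap_bind(username, password).ok


def risky_usernames(usernames: Iterable[str]) -> List[str]:
    """Defender-side audit for the interim workaround: list account names
    that contain the substring "success", case-insensitively."""
    return sorted(u for u in usernames if "success" in u.lower())


if __name__ == "__main__":
    print(vulnerable_login("successor.jones", "wrong"))  # True: bypass
    print(hardened_login("successor.jones", "wrong"))    # False
    print(risky_usernames(DIRECTORY))                    # ['successor.jones']
```

The point of contrast is where the decision comes from: the vulnerable function parses free text that includes attacker-influenced data, while the hardened one reads a typed result the directory client sets itself. The audit helper is what an administrator would run over the user list to find accounts affected by the interim advice while a patched version is rolled out.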

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2019-11187
DLA-1875-1
DLA-1876-1
USN-4609-1

Affected Products

Gosa
Ubuntu