CVE-2015-6538

Name of the Vulnerable Software and Affected Versions Epiphany Cardio Server versions 3.3 through 4.1

Description The issue concerns the mishandling of authentication requests on the login page, allowing remote attackers to conduct LDAP injection attacks. This enables attackers to bypass intended access restrictions by using a crafted URL.

Recommendations For versions 3.3 through 4.1, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, restrict the use of LDAP authentication to minimize the risk of exploitation.