PT-2021-23204 · Unknown · Thunderdome

Pupiles

Published 2021-11-02 · Updated 2024-08-21 · CVE-2021-41232

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Thunderdome versions prior to 1.16.3

Description: Thunderdome is affected by an LDAP injection vulnerability on instances that have LDAP authentication enabled. The username supplied at login is not properly escaped before it is used, which allows exploitation. The issue has been patched. A significant number of installations worldwide running Thunderdome with LDAP authentication are estimated to be affected, although no exact figure is given. There is no information about real-world incidents in which this issue was exploited.

Recommendations: For versions prior to 1.16.3, update to version 1.16.3 to resolve the issue. As a temporary workaround, disable the LDAP feature if it is in use, to minimize the risk of exploitation.
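An added illustration of the weakness class described above (example code written for this page, not Thunderdome's own code): a login filter built by interpolating the username verbatim, next to one that escapes the value per RFC 4515, plus a structural check that flags a filter whose parentheses no longer balance. The filter shape and attribute names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// EscapeFilterValue escapes a value for use inside an LDAP search filter
// as RFC 4515 section 3 requires: '*', '(', ')', '\' and NUL become a
// backslash followed by the two-digit hex code of the byte.
func EscapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch c {
		case '*', '(', ')', '\\', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// UnsafeUserFilter shows the vulnerable pattern: the username is placed
// into the filter unchanged. (Hypothetical filter shape, constructed here.)
func UnsafeUserFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", username)
}

// SafeUserFilter is the fixed pattern: the username is escaped first.
func SafeUserFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", EscapeFilterValue(username))
}

// FilterParensBalanced reports whether every '(' has a matching ')' once
// backslash escapes are skipped. A username that carries unescaped
// parentheses into the filter typically breaks this invariant, which makes
// the check a cheap guard to run before sending the filter to the server.
func FilterParensBalanced(filter string) bool {
	depth := 0
	for i := 0; i < len(filter); i++ {
		switch filter[i] {
		case '\\':
			i += 2 // skip the two hex digits of the escape sequence
		case '(':
			depth++
		case ')':
			depth--
			if depth < 0 {
				return false
			}
		}
	}
	return depth == 0
}
```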

Fix

Weakness Enumeration

Special Elements Injection

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2021-41232
GHSA-26CM-QRC6-MFGJ
GO-2022-0939

Affected Products

Thunderdome