CVE-2021-35472

Name of the Vulnerable Software and Affected Versions LemonLDAP::NG versions prior to 2.0.12

Description The issue is related to an error in handling user-controlled authorization keys in the authentication system of LemonLDAP::NG. This can be exploited by a remote attacker to conduct spoofing attacks. Session cache corruption can lead to authorization bypass or spoofing, allowing an attacker to be authenticated as one of two different users by making many authentication attempts in a loop.

Recommendations For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the authentication system until the issue is resolved.