CVE-2020-16093

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions LemonLDAP::NG versions prior to 2.0.9

Description The issue concerns the validity of X.509 certificates not being checked by default when connecting to remote LDAP backends. This is due to the default configuration of the Net::LDAPS module for Perl being used.

Recommendations For versions prior to 2.0.9, update to version 2.0.9 or later to ensure the validity of X.509 certificates is properly checked when connecting to remote LDAP backends.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2020-16093

DLA-3284-1

DLA-3285-1

DLA-3287-1

Affected Products

Lemonldap::Ng

Net::Ldaps

CVE-2020-16093

Weakness Enumeration

Related Identifiers

Affected Products

References · 23