PT-2023-11826 · Unknown+2 · Net::Ldaps+3

Published

2023-01-27

Updated

2025-03-28

CVE-2020-36658

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache::Session::LDAP versions prior to 0.5

Description The issue arises from the default configuration of the Net::LDAPS module for Perl, which does not check the validity of the X.509 certificate when connecting to remote LDAP backends.

Recommendations For Apache::Session::LDAP versions prior to 0.5, consider configuring the Net::LDAPS module to check the validity of the X.509 certificate when connecting to remote LDAP backends as a mitigation measure.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2020-36658

DLA-3284-1

USN-6596-1

Affected Products

Apache::Session::Ldap

Linuxmint

Net::Ldaps

Ubuntu

PT-2023-11826 · Unknown+2 · Net::Ldaps+3

CVE-2020-36658

Weakness Enumeration

Related Identifiers

Affected Products

References · 22