PT-2023-19173 · Unknown · Ldap Integration

Published 2023-01-17 · Updated 2023-01-27 · CVE-2023-23749

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login (affected versions not specified)

Description

The extension does not properly sanitize the username POST parameter, which leads to LDAP injection. An attacker can manipulate the parameter to dump arbitrary contents from the LDAP database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
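
The sanitization the description says is missing, shown as an added example (not code from the extension or from this advisory): escaping a username per RFC 4515 before it is placed in an LDAP search filter. The filter template, the sAMAccountName attribute and the sample usernames are assumptions made for illustration.

```python
# RFC 4515, section 3: these characters must be written as a backslash plus
# two hex digits when they appear inside an assertion value of a search filter.
_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumed lookup filter for this example; the extension's real filter is not
# given on the page.
_TEMPLATE = "(&(objectClass=person)(sAMAccountName={}))"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    # Each character is mapped once, so a backslash is never escaped twice.
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def unsafe_login_filter(username: str) -> str:
    """Flawed pattern: request data is placed in the filter unchanged."""
    return _TEMPLATE.format(username)


def safe_login_filter(username: str) -> str:
    """Hardened pattern: the value is escaped, so it stays a literal."""
    if not username or len(username) > 256:
        raise ValueError("username is empty or too long")
    return _TEMPLATE.format(escape_filter_value(username))


if __name__ == "__main__":
    # Constructed sample inputs: a normal name, a wildcard, and a value that
    # contains filter syntax characters.
    for name in ("jdoe", "*", "x)(y"):
        print(repr(name))
        print("  unsafe:", unsafe_login_filter(name))
        print("  safe:  ", safe_login_filter(name))
```

With escaping applied, the wildcard and parentheses reach the directory as literal characters of one attribute value, so the filter keeps the structure the application intended.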

Weakness Enumeration

Special Elements Injection

Related Identifiers

CVE-2023-23749

Affected Products

Ldap Integration