PT-2024-40396 · Ez Systems · Ez Publish Legacy
Published 2024-05-15 · Updated 2024-05-15
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
eZ Publish Legacy (affected versions not specified)
Description
The issue concerns a failure of the standard login handler to verify passwords correctly in certain configurations, potentially allowing unauthorized access. This can occur in installations using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler. The estimated number of potentially affected devices is not provided.
Recommendations
To resolve the issue, update to one of the resolving versions using Composer.
As a temporary workaround, consider restricting access to the legacy login handler until the update is applied.
Avoid using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler until the issue is resolved.
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ez Publish Legacy