/ 
Lemonldap-NG-Handler-2.0.13
/ Lemonldap::NG::Handler
Security Advisories (1)
CVE-2021-40874 (2022-07-18)

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.

NAME

Lemonldap::NG::Handler - The Apache protection module part of Lemonldap::NG Web-SSO system.

DESCRIPTION

This is an alias for Lemonldap::NG::Handler::ApacheMP2

SEE ALSO

Lemonldap::NG::Handler::ApacheMP2, http://lemonldap-ng.org/

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at https://lemonldap-ng.org/download

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.