RSS   Vulnerabilities for 'Mod auth ldap'   RSS

2020-01-28
 
CVE-2020-8086

CWE-863
 

 
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

 

 >>> Vendor: Prosody 3 Products
Prosody
Mod auth ldap
Mod auth ldap2


Copyright 2024, cxsecurity.com

 

Back to Top