[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, lemonldap

Summary

LemonLDAP-NG <=1.2.2 is prone to a security vulnerability involving XML signature wrapping in authentication process.

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.

This may lead to authentication bypass.

Details

Due to a bad use …


Continue reading