VULNERABILITIES / FIXES - October 22, 2012
by Carol~ - 10/22/12 6:20 AM
Self Service Password Unspecified LDAP Injection Vulnerability
Release Date : 2012-10-22
Criticality level : Less critical
Impact : Manipulation of data
Where : From local network
Solution Status : Vendor Patch
Software: Self Service Password 0.x
A vulnerability has been reported in Self Service Password, which can be exploited by malicious people to manipulate certain data.
Certain unspecified input is not properly sanitised before being used in LDAP queries. This can be exploited to manipulate LDAP queries by injecting arbitrary LDAP query code.
The vulnerability is reported in versions prior to 0.8.
Update to version 0.8.
Provided and/or discovered by:
Reported by the vendor.
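
The advisory does not say which input or which query is affected. The following is an added example, not code from the advisory or from Self Service Password: it shows RFC 4515 escaping of a value before it is placed in an LDAP search filter, next to the unescaped form. The filter shape, the attribute names and the sample login are assumptions constructed for illustration.

```python
# Added example: escaping user input before it is placed in an LDAP search filter.
# The filter "(&(objectClass=person)(uid=...))" is an assumed shape, not the
# project's actual query.

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with every LDAP filter metacharacter hex-escaped."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(login: str) -> str:
    """'Before' form: the input is concatenated into the filter as-is."""
    return "(&(objectClass=person)(uid=" + login + "))"


def build_filter_safe(login: str) -> str:
    """'After' form: the input can only ever be the value of the uid assertion."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(login) + "))"


def paren_count(ldap_filter: str) -> tuple:
    """Count raw parentheses; escaped ones (\\28, \\29) contain none.

    The assumed filter has exactly 3 opening and 3 closing parentheses, so any
    other count means the input changed the structure of the query.
    """
    return (ldap_filter.count("("), ldap_filter.count(")"))


if __name__ == "__main__":
    sample = "j*(doe)"  # constructed input containing filter metacharacters
    for build in (build_filter_unsafe, build_filter_safe):
        result = build(sample)
        print(build.__name__, result, paren_count(result))
```

A parenthesis count other than (3, 3) for this filter shape is a quick regression check that input has altered the query structure; the escaped form always keeps it at (3, 3).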