oval:org.secpod.oval:def:2004803
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the tar ...
oval:org.secpod.oval:def:69761
It was discovered that the Lemonldap::NG web SSO system did not restrict OIDC authorization codes to the relying party.
oval:org.secpod.oval:def:604542
It was discovered that the Lemonldap::NG web SSO system did not restrict OIDC authorization codes to the relying party.