edu.vt.middleware:vt-ldap@3.3.5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the edu.vt.middleware:vt-ldap package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Improper Certificate Validation

edu.vt.middleware:vt-ldap is a library for performing common LDAP operations.

Affected versions of this package are vulnerable to Improper Certificate Validation. The implementation used by the vtldap/ldaptive project to check that the server hostname matches the domain name in the subject's CN field was found to be flawed. This can be exploited in a man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject.

How to fix Improper Certificate Validation?

Upgrade edu.vt.middleware:vt-ldap to version 3.3.8 or higher.

Vulnerable versions: [3.3.5,3.3.8)