ldap3@2.2.1 vulnerabilities
A strictly RFC 4510 conforming LDAP V3 pure Python client library
-
latest version
2.9.1
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
3 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the ldap3 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Authentication Bypass via the rebind() method of the Connection object. It is performing the following comparison to validate input data:
That condition is false in case of password = '', so the old value of the object will be keep in that case, including case where the bind was correct. This is a potential security hole, since a correct bind followed by a rebind with empty password will complete the binding correctly. |
[,2.4)
|