User Impersonation Affecting com.unboundid:unboundid-ldapsdk Open this link in a new tab package, versions [,4.0.5)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
1 Apr 2018
16 Mar 2018
com.unboundid:unboundid-ldapsdk is a UnboundID LDAP SDK for Java.
Affected version of this package are vulnerable to User Impersonation. The process function in the
SimpleBindRequest class which check for empty password when running in synchronous mode.
com.unboundid:unboundid-ldapsdk to version 4.0.5 or higher.