Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-22 Thread Eric Sesterhenn
Hello Roland, * Roland Gruber (p...@rolandgruber.de) wrote: Hi Eric, thank you very much for reporting this issue. There is a patch available now: https://sourceforge.net/p/lam/bugs/156/#a1dc thanks for the quick reply. The patch

Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-21 Thread Eric Sesterhenn
Package: ldap-account-manager Version: 4.3 Severity: grave Tags: security Justification: user security hole === Security Advisory === ldap-account-manager-4.3 - PreAuth XSS Affected Version ldap-account-manager-4.3,

Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-21 Thread Roland Gruber
Hi Eric, thank you very much for reporting this issue. There is a patch available now: https://sourceforge.net/p/lam/bugs/156/#a1dc Best regards Roland On 21.10.2013 08:49, Eric Sesterhenn wrote: Package: ldap-account-manager Version: 4.3

Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-21 Thread Salvatore Bonaccorso
severity 726976 important thanks Hi As the attack vector includes that malicious data via POST I think it's safe to downgrade the severity to important. p.s.: I have requested a CVE for this issue on the oss-security list. Regards Salvatore