Skip to main content

Ldap Tool Box Self Service Password

1 CVEs product

Monthly

CVE-2018-12421 CRITICAL PATCH Act Now

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Ldap Tool Box Self Service Password
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Ldap Tool Box Self Service Password
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy