CVE-2024-45160

Summary

CVE-2024-45160 is a vulnerability affecting LemonLDAP::NG versions 2.18.x and 2.19.x prior to 2.19.2. Maliciously crafted requests can bypass OAuth2 client authentication due to incorrect credential validation. Attackers can exploit this issue by providing an empty client_password parameter (client secret), allowing unauthorized access to protected resources. This vulnerability poses a significant risk for organizations using LemonLDAP::NG and could lead to data breaches if not addressed promptly. It is strongly recommended that users update to the latest version of LemonLDAP::NG as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.