[20170902] - Core - LDAP Information Disclosure
- Details
- Joomla RSS Sicherheit
- Kategorie: Joomla News
Project: Joomla!
SubProject: CMS
Severity: Medium
Versions: 1.5.0 through 3.7.5
Exploit type: Information Disclosure
Reported Date: 2017-July-27
Fixed Date: 2017-September-19
CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
- Zugriffe: 1558