CNNVD-202512-3777 Information
CNNVD ID
CNNVD-202512-3777
Related CVE
- CNNVD Published: 2025-12-19
Description (Chinese)
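LDAP Tool Box Self Service Password is an open-source PHP application from LDAP Tool Box that allows users to change their passwords in an LDAP directory. LDAP Tool Box Self Service Password version 1.5.2 contains an authorization issue vulnerability, which stems from improper generation of password reset tokens and may lead to account takeover.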
Description (English)
LDAP Tool Box Self Service Password is an open-source PHP application from LDAP Tool Box that allows users to change passwords in an LDAP directory. Version 1.5.2 of LDAP Tool Box Self Service Password has an authorization issue, which stems from improper generation of password reset tokens and may lead to account takeover.
Hazard Level
Medium
Vulnerability Type
Authorization issue
Affected Vendor
LDAP Tool Box
Published
2025-12-19
Last Modified
2026-02-24
References
https://github.com/ltb-project/self-service-password
https://www.vulncheck.com/advisories/ldap-tool-box-self-service-password-account-takeover-via-
https://www.exploit-db.com/exploits/51275
https://access.redhat.com/security/cve/cve-2023-53958
Patch
https://ltb-project.org/download.html