CVE-2012-6426 Information

Description

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Reference

http://jira.ow2.org/browse/LEMONLDAP-570 http://openwall.com/lists/oss-security/2012/12/19/6 http://openwall.com/lists/oss-security/2012/12/20/6