VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 1, 2013· Updated Apr 29, 2026

CVE-2012-6426

CVE-2012-6426

Description

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Affected products

26
  • Lemonldap Ng/Lemonldap\26 versions
    cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.6:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:*:*:*:*:*:*:*:*range: <=1.2.2
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.