CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind
Published: December 04, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-5604 (NVD)
- GHSA: GHSA-9whh-582r-589h
- OSVDB: OSVDB-90579
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
>= 0.1.3
DESCRIPTION
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.