RubySec

Providing security resources for the Ruby community

CVE-2012-5604 (ldap_fluff): CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind

ADVISORIES

GEM

ldap_fluff

SEVERITY

CVSS v2: 5.0 (Medium)

PATCHED VERSIONS

  • >= 0.1.3

DESCRIPTION

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.