RubySec

Providing security resources for the Ruby community

CVE-2014-0083 (net-ldap): CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt

ADVISORIES

GEM

net-ldap

SEVERITY

CVSS v3.x: 5.5 (Medium)

CVSS v2.0: 1.9 (Low)

PATCHED VERSIONS

  • >= 0.6.0

DESCRIPTION

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories