RubySec

Providing security resources for the Ruby community

CVE-2017-17718 (net-ldap): No validation of hostname certificate in net-ldap

GEM

net-ldap

SEVERITY

CVSS v3: 5.9

PATCHED VERSIONS

  • >= 0.16.0

DESCRIPTION

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby is missing SSL certificate validation: the LDAP server's certificate was not verified to match the host the client was supposed to be connecting to.
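
The check described above as missing, shown as an added example using only Ruby's standard `openssl` library (this is not net-ldap's code, and the gem is not loaded). The CA, the certificates, the host names under `example.test` and the helper names `issue`, `chain_trusted?` and `peer_acceptable?` are all constructed for illustration.

```ruby
require "openssl"

# Issue a short-lived certificate. All names and keys are constructed sample data.
def issue(cn, key, serial:, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject # self-signed when no issuer is given
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}", false)) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = issue("Constructed Test CA", CA_KEY, serial: 1, ca: true)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
# Certificate for the LDAP host the client intends to reach.
LDAP_CERT = issue("ldap.example.test", LEAF_KEY, serial: 2, issuer: CA_CERT, issuer_key: CA_KEY)
# Certificate the same trusted CA issued, but for a different host.
OTHER_CERT = issue("other.example.test", LEAF_KEY, serial: 3, issuer: CA_CERT, issuer_key: CA_KEY)

TRUST = OpenSSL::X509::Store.new
TRUST.add_cert(CA_CERT)

# Chain validation only: answers "did a trusted CA sign this?",
# not "does this certificate belong to the host I asked for?".
def chain_trusted?(cert)
  TRUST.verify(cert)
end

# Chain validation plus the identity check against the intended host name.
def peer_acceptable?(cert, hostname)
  chain_trusted?(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

if $PROGRAM_NAME == __FILE__
  puts "other cert, chain only:     #{chain_trusted?(OTHER_CERT)}"
  puts "other cert, with host name: #{peer_acceptable?(OTHER_CERT, 'ldap.example.test')}"
  puts "ldap cert, with host name:  #{peer_acceptable?(LDAP_CERT, 'ldap.example.test')}"
end
```

On a live TLS connection the same identity check is what `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)` performs after the handshake.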