Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: net-ldap
date: 2017-12-17
url: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
cve: 2017-17718
title: No validation of hostname certificate in net-ldap
description: |
  The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL
  Certificate Validation. The LDAP server's certificate was not verified
  to match the host it was supposed to be connecting to.
patched_versions:
- ">= 0.16.0"
related:
  url:
  - https://github.com/ruby-ldap/ruby-net-ldap/pull/279
  - https://github.com/ruby-ldap/ruby-net-ldap/commit/e4c46a223a19feda78393a793711353aa1febdcd