Critical Security Flaws Found in LemonLDAP::NG: Open Redirect, 2FA Bypass, and More
A new open redirect vulnerability (CVE-2026-12804) has been discovered in LemonLDAP::NG up to version 2.23.0, allowing attackers to redirect users to malicious sites via the SAML Common Domain Cookie Endpoint. CVE-2023-28862 affects versions before 2.16.1, enabling attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler. Older versions (up to 2.0.8) are vulnerable to CVE-2020-24660, which allows bypassing URL-based access controls when using NGINX via non-normalized URIs.
Publicly referenced vulnerabilities have been identified for LemonLDAP::NG, including one that explicitly affects versions up to 2.23.0. The list below is based on publicly available advisories.
Relevant Vulnerabilities
CVE-2026-12804 — Open redirect: An open redirect vulnerability exists in LemonLDAP::NG up to version 2.23.0, within the SAML Common Domain Cookie Endpoint component, due to improper validation of a URL parameter.
Probable Impact: Redirection of users to an attacker-controlled site, useful for phishing or trust bypass.
Priority: High if you use SAML/CDC or if the portal is publicly exposed.
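The defensive counterpart to this class of bug is to never forward a user to a URL taken from a request parameter without resolving it and checking the resulting host against an allowlist. The following is an added illustration written for this page, not code from the LemonLDAP::NG project: the allowlisted hosts, the portal base URL and the function names are constructed assumptions. It resolves the parameter against the portal's own base (so relative paths stay on the portal), rejects non-http(s) schemes and control characters, and falls back to a fixed landing page whenever the target is not on an allowlisted host.

```python
from urllib.parse import urljoin, urlsplit

# Constructed configuration for the example (assumption; not LemonLDAP::NG's own settings).
PORTAL_BASE = "https://portal.example.org/"
DEFAULT_LANDING = "https://portal.example.org/"
ALLOWED_REDIRECT_HOSTS = {"portal.example.org", "app.example.org"}


def is_safe_redirect(target: str) -> bool:
    """Return True only if `target` resolves to an http(s) URL on an allowlisted host.

    Resolution happens first so that scheme-relative and path-only values are judged
    by where the browser would actually end up, not by how the string looks.
    """
    if not target:
        return False
    # CR/LF/NUL have no place in a redirect target; a Location header must not carry them.
    if any(c in target for c in "\r\n\x00"):
        return False
    # Browsers differ on whether a backslash acts as a slash; refuse rather than guess.
    if "\\" in target:
        return False
    resolved = urljoin(PORTAL_BASE, target)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return False
    # urlsplit().hostname ignores userinfo and port, so "user@host" forms are judged by the real host.
    host = (parts.hostname or "").lower()
    return host in ALLOWED_REDIRECT_HOSTS


def choose_redirect(target: str) -> str:
    """Return the URL the portal should send the user to after authentication."""
    if is_safe_redirect(target):
        return urljoin(PORTAL_BASE, target)
    return DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed sample values: one on-portal path and one off-portal host.
    for candidate in ("/dashboard", "//other.example/landing"):
        print(f"{candidate!r:32} -> {choose_redirect(candidate)}")
```

The allowlist is deliberately a set of exact hostnames rather than a suffix match: a suffix check such as `endswith("example.org")` would accept any host that merely ends in that string. Audit logging of rejected targets (not shown) is a cheap way to spot phishing campaigns that probe the endpoint.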
CVE-2023-28862 — 2FA bypass / AuthBasic sessions: Versions prior to 2.16.1 have weak session ID generation in the AuthBasic handler and incorrect failure handling during password verification, which can allow bypassing 2FA verification.
Impact: Bypassing strong authentication in certain AuthBasic scenarios.
Priority: Critical only if your deployment is old or if affected code has been reintroduced.
CVE-2020-24660 — Access control bypass with NGINX: LemonLDAP::NG up to 2.0.8 allowed bypassing URL access rules on protected Virtual Hosts via non-normalized URIs when using NGINX.
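Access rules keyed on a URL path are only as strong as the canonicalisation applied before matching: if the rule engine compares the raw request URI while the backend resolves `..`, repeated slashes or percent-encoding, the two disagree and the rule can be sidestepped. The block below is an added example for this page, not LemonLDAP::NG's rule engine or configuration; the rule table, role names and function names are constructed assumptions. It shows a naive prefix match beside a version that canonicalises first (single percent-decode with a refusal on double encoding, backslash folding, slash collapsing and dot-segment removal) and only then applies the rules.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed access rules for one virtual host (assumption, not LemonLDAP::NG's rule syntax):
# ordered (path prefix, required role). First match wins, so the most specific rule comes first.
ACCESS_RULES = [
    ("/admin/", "admin"),
    ("/", "user"),
]


def canonical_path(raw_uri: str) -> Optional[str]:
    """Return the canonical path for an incoming request URI, or None if it should be denied outright."""
    path = raw_uri.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    # If decoding again changes the string, the client sent a double-encoded path: deny instead of guessing.
    if unquote(decoded) != decoded:
        return None
    if any(ord(c) < 0x20 for c in decoded):
        return None
    decoded = decoded.replace("\\", "/")
    # normpath keeps a leading "//" as-is (POSIX allows it), so collapse leading slashes ourselves.
    decoded = "/" + decoded.lstrip("/")
    # normpath removes "." and ".." segments and repeated slashes; on an absolute path ".." cannot escape "/".
    return posixpath.normpath(decoded)


def naive_required_role(raw_uri: str) -> Optional[str]:
    """Prefix match on the raw URI: the pattern the advisory describes as bypassable."""
    for prefix, role in ACCESS_RULES:
        if raw_uri.startswith(prefix):
            return role
    return None


def required_role(raw_uri: str) -> Optional[str]:
    """Prefix match on the canonical path, with a segment boundary so /admin does not match /administrator."""
    path = canonical_path(raw_uri)
    if path is None:
        return None
    for prefix, role in ACCESS_RULES:
        prefix = prefix.rstrip("/")
        if prefix == "" or path == prefix or path.startswith(prefix + "/"):
            return role
    return None


def is_authorized(raw_uri: str, roles: set) -> bool:
    """Deny unless a rule matched and the caller holds the role it requires."""
    role = required_role(raw_uri)
    return role is not None and role in roles


if __name__ == "__main__":
    # Constructed sample URIs: the first two name the same resource, only the first looks like it.
    for uri in ("/admin/users", "/docs/../admin/users"):
        print(f"{uri!r:26} naive={naive_required_role(uri)!r:8} canonical={required_role(uri)!r}")
```

The point of `naive_required_role` is only to make the gap visible: for `/docs/../admin/users` it returns the `user` rule while the backend serves the admin resource. In a real deployment the same canonicalisation must be applied by the handler and the web server (or the handler must receive the already-normalised path), otherwise the two components still disagree.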