– Core – LDAP Information Disclosure
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 1.5.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-July-27
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14596
Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.
Joomla! CMS versions 1.5.0 through 3.7.5
Upgrade to version 3.8.0
The JSST at the Joomla! Security Centre.