The following metadata has been embedded in the body. Website Malware Removal Service – [20170902] - Core - LDAP Information Disclosure

[20170902] – Core – LDAP Information Disclosure

Posted by MalRemServ on 19 09 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 1.5.0 through 3.7.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-July-27
  • Fixed Date: 2017-September-19
  • CVE Number: CVE-2017-14596

Description

Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.7.5

Solution

Upgrade to version 3.8.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.