CVE-2018-12421

CRITICAL

LTB Self Service Password <1.3 - Auth Bypass

Description

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

Exploits (1)

nomisec STUB 1 stars
by reversebrain · poc
https://github.com/reversebrain/CVE-2018-12421

Scores

CVSS v3 9.8
EPSS 0.0098
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-640
Status published
Products (1)
ltb-project/ldap_tool_box_self_service_password < 1.3
Published Jun 14, 2018
Tracked Since Feb 18, 2026