Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
Affected Software
Name | Vendor | Start Version | End Version |
Foreman | Theforeman | * | 1.7.3 (including) |
References