In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Veridiumad | Veridiumid | * | 3.5.0 (excluding) |