In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Veridiumad | Veridiumid | * | 3.5.0 (excluding) |
References
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/