Comments (8)
Of course, write to clement.oudot at worteks.com
from self-service-password.
Thanks, I just sent you the email from my corporate mailbox. I am waiting for your feedback. Thank you.
Hello @piuppi
Bug confirmed and patch provided privately. It will be published in 1.5.4 which should be released very soon.
Applied in master with commit eddde9f and commit 603a509
Hello @coudot
Thank you for confirming the bug and providing the patch privately. I also wanted to inform you that I have initiated the process of requesting a CVE for this vulnerability to ensure that it is properly documented and tracked. I appreciate your efforts in addressing this issue, and I look forward to the public release of version 1.5.4 with the implemented patch. If there are any additional steps or information needed from my side, please let me know. Thank you again for your prompt response.
@piuppi Version 1.5.4 was released today: https://github.com/ltb-project/self-service-password/releases/tag/v1.5.4
Please let me know if you got a CVE number.
@coudot I made the request, I'm waiting for the CVE ID to be assigned to me. As soon as I have news I'll write to you here.
Hello @coudot, MITRE assigned CVE-2023-49032. Regards.