Joomla Security Announcements – Core – LDAP Information Disclosure

Joomla Security Announcements – Core – LDAP Information Disclosure
5 (100%) 4 votes
    • Project: Joomla!
    • SubProject: CMS
    • Severity: Medium
    • Versions: 1.5.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-October-06
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-14596

    Description

    Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2