Possible nginx LDAP security flaw
-
Hi,
I just came across these two posts:
- https://github.com/AgainstTheWest/NginxDay
- https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Apparently, there is a flaw in the nginx-ldap-auth module.
I know that Cloudron uses nginx a lot, and LDAP as well, so I wanted to make you aware of this.
I lack the knowledge to determine whether Cloudron is vulnerable.
Could you please investigate and remediate if necessary?
Thanks!
-
Hi,
I just came across these two posts:
- https://github.com/AgainstTheWest/NginxDay
- https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Apparently, there is a flaw in the nginx-ldap-auth module.
I know that Cloudron uses nginx a lot, and LDAP as well, so I wanted to make you aware of this.
I lack the knowledge to determine whether Cloudron is vulnerable.
Could you please investigate and remediate if necessary?
Thanks!
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
