Vulnerabilities > LTB Project > Ldap Tool BOX Self Service Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-14 | CVE-2018-12421 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ltb-Project Ldap Tool BOX Self Service Password LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | 9.8 |