N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-p9mp-vq4v-v5m5

GHSA-p9mp-vq4v-v5m5: eZ Publish Legacy Passwordless login for LDAP users

This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy.

Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may in rare cases be vulnerable to a failure of the standard login handler to verify passwords correctly, allowing unauthorised access.

If your installation has never used the LDAP or TextFile login handlers, or never used legacy login at all, then it is not affected. Still, we recommend installing the update, to be on the safe side.

To install, use Composer to update to one of the "Resolving versions" mentioned above, or apply this patch manually: https://github.com/ezsystems/ezpublish-legacy/commit/13f03a2be6c0ee4d0caaafaef05904ea9b0c4d9d

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-p9mp-vq4v-v5m5

GHSA-p9mp-vq4v-v5m5:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ezsystems/ezpublish-legacy	composer	>= 2018.9.0, < 2018.9.1.1	2018.9.1.1
ezsystems/ezpublish-legacy	composer	>= 2018.6.0, < 2018.6.1.2	2018.6.1.2
ezsystems/ezpublish-legacy	composer	>= 2011.0.0, < 2017.12.4.1	2017.12.4.1
ezsystems/ezpublish-legacy	composer	>= 5.4.0, < 5.4.12.1	5.4.12.1
ezsystems/ezpublish-legacy	composer	>= 5.3.0, < 5.3.12.4	5.3.12.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of PASSWORD_HASH_EMPTY (0) type users in authentication flow. The pre-patch code in authenticateHash() lacked checks for empty credentials and empty hash type, while createHash() contained fallback logic that could improperly process empty hash types. This allowed LDAP/TextFile users (with password_hash_type=0) to bypass password verification when combined with standard legacy login handler failures. The patch adds explicit checks in authenticateHash() and error handling in createHash() to prevent these scenarios.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-p9mp-vq4v-v5m5: eZ Publish Legacy Passwordless login for LDAP users

GHSA-p9mp-vq4v-v5m5:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-p9mp-vq4v-v5m5: eZ Publish Legacy Passwordless login for LDAP users

N/A

N/A

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI