CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0083
https://notcve.org/view.php?id=CVE-2014-0083
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. La gema net-ldap de Ruby versiones anteriores a 0.11 usa una sal débil cuando genera contraseñas SSHA. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083 https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a https://security-tracker.debian.org/tracker/CVE-2014-0083 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17718 – rubygem-net-ldap: Missing SSL Certificate Validation
https://notcve.org/view.php?id=CVE-2017-17718
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. La gema Net::LDAP (también conocido como net-ldap) en versiones anteriores a la 0.16.0 para Ruby carece de validación de certificados SSL. • http://openwall.com/lists/oss-security/2017/12/17/10 https://github.com/ruby-ldap/ruby-net-ldap/issues/258 https://github.com/ruby-ldap/ruby-net-ldap/pull/279 https://access.redhat.com/security/cve/CVE-2017-17718 https://bugzilla.redhat.com/show_bug.cgi?id=1527048 • CWE-295: Improper Certificate Validation •