Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Moonraker with LDAP Enabled Allows Malicious Search Filter Injection
Vulnerability Description
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
CVSS Information
N/A
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
Moonraker 安全漏洞
Vulnerability Description
Moonraker是Eric Callahan个人开发者的一个Web接口服务器。 Moonraker 0.9.3及之前版本存在安全漏洞,该漏洞源于LDAP搜索过滤器注入,可能导致暴力破解方法发现服务器上的LDAP条目。
CVSS Information
N/A
Vulnerability Type
N/A