Package: src:matrix-synapse-ldap3
Severity: important

Due to a bug, it is possible to log in as any user without proper authentication:

> It turns out the bug was related to a change that was made in the
> unreleased “master” branch of the matrix-appservice-ldap3 plugin being
> used by Librem Chat to authenticate users over LDAP. The bug ultimately
> came down to a mistake in a single line of code in a function related
> to LDAP searches:
>
> - result = yield self._ldap_simple_bind(
> + result, _ = yield self._ldap_simple_bind(

[1]: https://twitter.com/matrixdotorg/status/1123298776725303299
[2]: https://puri.sm/posts/underscoring-our-transparency-first-librem-one-bug-report/
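Review bot: On the `+` line the second element returned by `_ldap_simple_bind` is discarded with `_`, and nothing in the change prevents a future caller from repeating the `-` line's mistake. Binding the whole two-element return to `result` is valid Python, and a non-empty tuple is always truthy, so any later truthiness test on `result` (not visible in this hunk) would pass whatever the bind outcome was. Suggest adding a regression test that attempts a login with a wrong password and asserts that it is rejected, and consider having the helper raise on a failed bind or return a single typed result so that it cannot be truth-tested by accident.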