IBM Security Directory Server 6.4.0 Vulnerabilities

IBM has released a new security bulletin detailing a number of vulnerabilities in the IBM Security Directory Server version 6.4.0. These vulnerabilities, which appear to be fixed in the 6.4.0.19-ISS-ISDS-IF0019 release, include an inadequate account lockout setting that could allow an attacker to attempt to brute-force credentials, and the potential disclosure of sensitive information to unauthorized users. There also appear to be vulnerabilities in non-LDAP components, including HTTP open redirects, incomplete XML sanitization, and a cross-site scripting vulnerability in the web-based UI.

Adldap2 10.1.1

Adldap2 is a PHP package that provides LDAP authentication and directory management tools. The project has just released version 10.1.1, which appears to fix an issue that could cause the library to indicate that an attribute was missing from an entry even if it was present, and changes the default pagination size from 50 entries to 1000.

Adldap2 10.1.0

Adldap2 is a PHP package that provides LDAP authentication and directory management tools. The project has just released version 10.1.0, which appears to add support for query caching, pagination, and the ability to free memory after performing a query. It also fixes an issue in which it used an incorrect default port number when trying to establish an LDAPS connection.