Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO
system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level
or impersonate another user, especially when lemonldap-ng is configured
to increase authentication level for users authenticated via a second
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your lemonldap-ng packages.