Security Vulnerabilities

The following page details all security vulnerabilities in OMERO software.

Synopsis

An LDAP authentication vulnerability has been found in OMERO.server.

Background

When OMERO.server has LDAP authentication enabled and the LDAP server allows anonymous binds, supplying an empty ("") password via the OMERO.server API permits logging in as any LDAP-based user.
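The following added example (not OMERO.server code) models the failure mode described above: a password check that trusts a successful LDAP bind, next to one that refuses empty credentials before binding. `StubDirectory`, both `check_password_*` functions, `audit` and the sample entry are constructed for illustration.

```python
# Added example: a model of bind-based password checking, not OMERO.server code.
# All names and the sample directory entry below are constructed.

class StubDirectory:
    """Minimal stand-in for an LDAP server's simple-bind handling."""

    def __init__(self, entries, allow_anonymous):
        self.entries = entries              # DN -> password (constructed sample data)
        self.allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        # With an empty password the server does not compare anything against
        # the entry's stored password; the result depends only on whether
        # anonymous binds are allowed (the condition the advisory names).
        if password == "":
            return self.allow_anonymous
        return self.entries.get(dn) == password


def check_password_bind_only(directory, dn, password):
    """Flawed pattern: a successful bind is taken as proof of identity."""
    return directory.simple_bind(dn, password)


def check_password_hardened(directory, dn, password):
    """Refuse empty credentials locally, before any bind is sent."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


SAMPLE = {"uid=alice,ou=people,dc=example,dc=org": "correct horse"}
ALICE = next(iter(SAMPLE))


def audit(allow_anonymous):
    """Return (bind_only, hardened) results for an empty-password login."""
    d = StubDirectory(SAMPLE, allow_anonymous)
    return (check_password_bind_only(d, ALICE, ""),
            check_password_hardened(d, ALICE, ""))


if __name__ == "__main__":
    for anon in (True, False):
        print("anonymous binds allowed:", anon, "->", audit(anon))
```

The same `audit` check can be pointed at a test directory to confirm whether a deployment's LDAP server accepts empty-password binds.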

Affected packages

Package / Vulnerable / Unaffected
OMERO.server / < 4.3.4

Impact

A remote attacker could possibly log in, via the OMERO.server API, to accounts he/she is not permitted to access. Logins via OMERO.insight or OMERO.web are not affected.

Workaround

Disable LDAP authentication.

Resolution

All OMERO.server users should upgrade to at least 4.3.4.

Thanks

Sebastien Besson [1] for notifying the OME team of this security issue.

[1] http://lists.openmicroscopy.org.uk/pipermail/ome-devel/2012-January/002118.html
