CVE-2015-1816 - Tautologic Forever

Description

Forman before 1.7.4 does not verify SSL certificates for LDAP connections which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

Reference

https://access.redhat.com/errata/RHSA-2015:1592 https://access.redhat.com/errata/RHSA-2015:1591 https://github.com/theforeman/foreman/pull/2265 http://projects.theforeman.org/issues/9858 https://groups.google.com/forum/#!topic/foreman-announce/9ZnuPcplNLI