Personal tools
  • We're Hiring!

You are here: Home Products OMERO Security Vulnerabilities 2012-SV1 LDAP Authentication

2012-SV1 LDAP Authentication

LDAP-related security vulnerability affecting OMERO4 versions up to and including 4.3.3 and up to and including 4.4.3


An LDAP authentication vulnerability has been found in OMERO.server.


When OMERO.server has LDAP authentication enabled and the LDAP server allows anonymous binds the use of an empty ("") password via the OMERO.server API permits logging in as any LDAP-based user.

Affected packages

OMERO.server between 4.3.0 and 4.3.3 inclusive, and all 4.4 servers prior to 4.4.3


A remote attacker could possibly login to accounts he/she is not permitted to access via the OMERO.server API. Logins via OMERO.insight or OMERO.web are not affected.


Disable LDAP authentication.


All OMERO.server users should upgrade to at least 4.3.4:



Sebastien Besson [1] for notifying the OME team of this security issue.


Document Actions