Security Advisory: Disabled Users able to log-in when LDAP authentication is enabled

Last modified 09 Feb 2024 14:12 +01:00

Date: 5 June 2023

Severity: Medium (CVSS 5.7)

Affected versions: all released midPoint versions

Fixed in versions: 4.7.1, 4.4.5, 4.6.1


User which is disabled in midPoint, but still active in LDAP, is able to log-in to midPoint GUI if LDAP authentication was enabled and configured.

Severity and Impact

This is medium-severity issue.

The users perceived to not have access to the system, are still able to log in.


  • Disable LDAP authentication on affected midPoint versions

  • Automatically deactivate users in LDAP when they are disabled in midPoint.

  • Update midPoint to latest maintenance versions, which contains fix (4.7.1, 4.4.5, 4.6.1).

Was this page helpful?
Thanks for your feedback