Debian Linux Security Advisory 4446-1 - It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the "tokenUseGlobalStorage" option is enabled, which could grant users with access to the main session database access to an anonymous session.
f9e4831d4e6bfe5319ca46b593f9ccfa8c06f227653e0e99572eea2f6cd66998