Описание
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
Ссылки
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 6.5.19 (включая)
cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00363
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-346
Связанные уязвимости
github
почти 4 года назад
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
EPSS
Процентиль: 58%
0.00363
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-346