Описание
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pete_werner:login_ldap:3.1:*:*:*:*:*:*:*
cpe:2.3:a:pete_werner:login_ldap:3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00488
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
EPSS
Процентиль: 65%
0.00488
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-287