Описание
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.
EPSS
Процентиль: 21%
0.00067
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-1390
Связанные уязвимости
CVSS3: 9.1
github
больше 1 года назад
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.
EPSS
Процентиль: 21%
0.00067
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-1390