Lucene search
HistoryAug 30, 2010 - 8:00 p.m.
CVE-2010-2940
cve-2010-2940
sssd
ldap authentication
remote attack
6.6 Medium
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.8%
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedoraproject:sssd | fedoraproject sssd | eq | 1.3.0 |
Related
nessus
nessus
Fedora 12 : sssd-1.2.2-20.fc12 (2010-13557)
2010-09-03 00:00:00
Fedora 14 : sssd-1.3.0-30.fc14 (2010-13474)
2010-09-02 00:00:00
Fedora 13 : sssd-1.2.2-21.fc13 (2010-13549)
2010-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: sssd-1.2.2-21.fc13
2010-09-02 20:44:45
[SECURITY] Fedora 14 Update: sssd-1.3.0-30.fc14
2010-09-02 04:01:23
[SECURITY] Fedora 12 Update: sssd-1.2.2-20.fc12
2010-09-02 20:41:54
openvas
openvas
Fedora Update for sssd FEDORA-2010-13549
2010-09-07 00:00:00
Fedora Update for sssd FEDORA-2010-13549
2010-09-07 00:00:00
Fedora Update for sssd FEDORA-2010-13474
2010-12-02 00:00:00
debiancve
debiancve
CVE-2010-2940
2010-08-30 20:00:00
ubuntucve
ubuntucve
CVE-2010-2940
2010-08-30 00:00:00
prion
prion
Authentication flaw
2010-08-30 20:00:00
6.6 Medium
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
80.8%
Related for CVE-2010-2940