Lucene search
MitreCVELIST:CVE-2020-26168HistoryNov 09, 2020 - 9:28 p.m.
CVE-2020-26168
2020-11-0921:28:39
mitre
www.cve.org
3
ldap
authentication
vulnerability
hazelcast imdg
jet enterprise
4.x
password verification
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn’t verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.
References
docs.hazelcast.org/docs/ern/index.html#4-0-3
hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass
hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass
jet-start.sh/blog/2020/10/23/jet-43-is-released
Related
cve
cve
CVE-2020-26168
2020-11-09 22:15:13
prion
prion
Authentication flaw
2020-11-09 22:15:00
osv
osv
CVE-2020-26168
2020-11-09 22:15:13
nvd
nvd
CVE-2020-26168
2020-11-09 22:15:13