CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.011 Low
Percentile: 84.2%

The LDAP authentication helper did not strip leading or trailing spaces from the login name.

According to the Squid patches page:

LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting.

Workaround: Block logins with spaces

# A POSIX character class is only valid inside a bracket expression, hence [[:space:]]
acl login_with_spaces proxy_auth_regex [[:space:]]
http_access deny login_with_spaces
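
The following C sketch is an added example, not code from the Squid helper or its patch. It shows why the missing trim matters: a name-based access check that compares the raw login string no longer matches once spaces are padded around it, while the directory still resolves the same account. The function names `normalize_login` and `acl_denies`, and the sample logins, are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Trim leading and trailing whitespace from login, in place.
 * Returns 0 on success, -1 if nothing is left after trimming. */
int normalize_login(char *login)
{
    char *start = login;
    size_t len;

    while (*start && isspace((unsigned char)*start))
        start++;
    len = strlen(start);
    while (len > 0 && isspace((unsigned char)start[len - 1]))
        len--;
    memmove(login, start, len);   /* regions may overlap */
    login[len] = '\0';
    return len == 0 ? -1 : 0;
}

/* Hypothetical stand-in for a name-based proxy ACL: exact match only. */
int acl_denies(const char *login, const char *blocked)
{
    return strcmp(login, blocked) == 0;
}

int main(void)
{
    /* Constructed login variants that a forgiving directory search
     * would resolve to the same account. */
    const char *samples[] = { "alice", " alice", "alice  ", "\talice " };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int raw = acl_denies(samples[i], "alice");
        snprintf(buf, sizeof buf, "%s", samples[i]);
        if (normalize_login(buf) != 0)
            continue;
        printf("[%s] raw check denies=%d, normalized check denies=%d\n",
               samples[i], raw, acl_denies(buf, "alice"));
    }
    return 0;
}
```

Only the unpadded sample is denied by the raw comparison; after normalization all four are.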