Lucene search

K
githubGitHub Advisory DatabaseGHSA-3F8R-4QWM-R7JF
HistoryMay 18, 2021 - 3:39 p.m.

Improper Authentication in Apache Traffic Control

2021-05-1815:39:16
CWE-287
GitHub Advisory Database
github.com
16

0.004 Low

EPSS

Percentile

74.7%

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user’s correct password.

0.004 Low

EPSS

Percentile

74.7%

Related for GHSA-3F8R-4QWM-R7JF