Lucene search
HistoryAug 30, 2010 - 8:00 p.m.
CVE-2010-2940
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.008
Percentile
81.2%
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Affected configurations
Node
fedoraprojectsssdMatch1.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | sssd | 1.3.0 | cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:* |
Related
fedora
fedora
[SECURITY] Fedora 13 Update: sssd-1.2.2-21.fc13
2010-09-02 20:44:45
[SECURITY] Fedora 14 Update: sssd-1.3.0-30.fc14
2010-09-02 04:01:23
[SECURITY] Fedora 13 Update: sssd-1.3.0-40.fc13
2011-01-21 22:55:50
nessus
nessus
Fedora 12 : sssd-1.2.2-20.fc12 (2010-13557)
2010-09-03 00:00:00
Fedora 14 : sssd-1.3.0-30.fc14 (2010-13474)
2010-09-02 00:00:00
Fedora 13 : sssd-1.2.2-21.fc13 (2010-13549)
2010-09-03 00:00:00
debiancve
debiancve
CVE-2010-2940
2010-08-30 20:00:02
openvas
openvas
Fedora Update for sssd FEDORA-2010-13549
2010-09-07 00:00:00
Fedora Update for sssd FEDORA-2010-13549
2010-09-07 00:00:00
Fedora Update for sssd FEDORA-2010-13474
2010-12-02 00:00:00
prion
prion
Authentication flaw
2010-08-30 20:00:00
cvelist
cvelist
CVE-2010-2940
2010-08-30 19:00:00
ubuntucve
ubuntucve
CVE-2010-2940
2010-08-30 00:00:00
cve
cve
CVE-2010-2940
2010-08-30 20:00:02
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.008
Percentile
81.2%
Related for NVD:CVE-2010-2940