Lucene search
GoogleOSV:CVE-2020-26168HistoryNov 09, 2020 - 10:15 p.m.
CVE-2020-26168
2020-11-0922:15:13
Google
osv.dev
5
ldap
authentication
vulnerability
hazelcast imdg
jet enterprise
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn’t verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.
References
docs.hazelcast.org/docs/ern/index.html#4-0-3
hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass
hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass
jet-start.sh/blog/2020/10/23/jet-43-is-released
Related
cve
cve
CVE-2020-26168
2020-11-09 22:15:13
prion
prion
Authentication flaw
2020-11-09 22:15:00
cvelist
cvelist
CVE-2020-26168
2020-11-09 21:28:39
nvd
nvd
CVE-2020-26168
2020-11-09 22:15:13