CVE-2021-21484

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind...

LDAP authentication bypass with empty password

Impact Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds eg. default on Active Directory are affected. Patch...

GHSA-5HMM-X8Q8-W5JH LDAP authentication bypass with empty password

Impact Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds eg. default on Active Directory are affected. Patch...

PT-2020-15530 · Jenkins · Jenkins Active Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier Description: The issue allows attackers to log in to Jenkins as any user by providing an empty password, depending on the configuration of the Active Directory server. This is possible...

Fedora 22 : cherokee-1.2.103-6.fc22 (2015-6194)

Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

Apache CloudStack 4.3 / 4.4 Unauthenticated LDAP Binds Vulnerability

Apache CloudStack may be configured to authenticate LDAP users. When so configured, it performs a simple LDAP bind with the name and password provided by a user. Simple LDAP binds are defined with three mechanisms RFC 4513: 1 username and password; 2 unauthenticated if only a username is specifie...

Server: Login bypass when using user_ldap due to unauthenticated binds

"userldap" in the web-interface called "LDAP user and group backend" is an optional authentication backend for ownCloud for using LDAP users and groups within the ownCloud web application. The ownCloud team has discovered a vulnerability within the "userldap" application which, depending on the...

Shiro: successful authentication without specifying user name or password

It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds...

Shiro: successful authentication without specifying user name or password

It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds...