
46 matches found

RedhatCVE
added 2026/02/11 1:16 p.m. | 2 views

CVE-2026-23906

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind Vulnerability Description An authentication bypass...

CVSS 9.8 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 1

OSV
added 2026/02/10 12:30 p.m. | 4 views

GHSA-Q672-HFC7-G833 Apache Druid Vulnerable to Authentication Bypass

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

CVSS 9.3 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 4

Github Security Blog
added 2026/02/10 12:30 p.m. | 4 views

Apache Druid Vulnerable to Authentication Bypass

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

CVSS 9.8 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2026/02/10 12:30 p.m. | 2 views

Missing Authentication

Overview org.apache.druid.extensions:druid-basic-security is a basic security package for Apache Druid. Affected versions of this package are vulnerable to Missing Authentication in validateCredentials for LDAP, which does not check passwords for anonymous bind requests. An attacker in possession...

CVSS 9.8 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 2

CVE
added 2026/02/10 9:28 a.m. | 19 views

CVE-2026-23906

Summary (CVE-2026-23906) : Apache Druid versions 0.17.0 through 35.x are affected when using the druid-basic-security extension with LDAP authentication and an LDAP server that allows anonymous bind. The vulnerability arises from improper validation of LDAP authentication responses, where anonymo...

CVSS 9.8 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/10 9:28 a.m. | 2 views

CVE-2026-23906

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/10 9:28 a.m. | 20 views

CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

EPSS 0.00084
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/09 12:0 a.m. | 4 views

PT-2026-7140

Name of the Vulnerable Software and Affected Versions Apache Druid versions 0.17.0 through 35.x Description An authentication bypass issue exists in Apache Druid when the druid-basic-security extension is enabled with LDAP authentication. If the underlying LDAP server allows anonymous binds, an...

CVSS 9.8 | AI score 5.6 | EPSS 0.00084
Exploits: 0 | References: 15

SUSE CVE
added 2025/12/12 12:49 a.m. | 7 views

SUSE CVE-2025-13357

Vault's Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

CVSS 9.8 | AI score 7.1 | EPSS 0.00018
Exploits: 0 | References: 2

OSV
added 2025/11/21 3:31 p.m. | 2 views

GHSA-GMM6-J2G5-R52M Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

CVSS 7.4 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 7

Oracle linux
added 2025/11/04 12:0 a.m. | 7 views

sssd security update

2.9.4-5.0.2.3 - Missing ntohs to service port Orabug: 37389651 - Restore default debug level for ssscache Orabug: 32810448 2.9.4-5.3 - Resolves: RHEL-112455 - p11child currently has an infinite timeout rhel-8.10.z - Resolves: RHEL-120292 - CVE-2025-11561 sssd: SSSD default Kerberos configuration...

CVSS 8.8 | AI score 7.2 | EPSS 0.00046
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2002-0007

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.02206
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2014-0020

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00407
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3834

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 8.9 | EPSS 0.0029
Exploits: 0 | References: 4

Packet Storm
added 2024/08/31 12:0 a.m. | 385 views

LDAP Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LDAP Information Disclosure', 'Description' = %q This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching f...

CVSS 9.8 | AI score 9.6 | EPSS 0.94337
Exploits: 20

ATTACKERKB
added 2022/08/12 8:15 p.m. | 3 views

CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...

CVSS 9.8 | AI score 7.4 | EPSS 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2021/02/02 2:23 p.m. | 5 views

activemq: LDAP authentication bypass with anonymous bind

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

CVSS 7.5 | AI score 7.3 | EPSS 0.09941
Exploits: 0 | References: 4

OpenVAS
added 2021/01/29 12:0 a.m. | 30 views

Apache ActiveMQ < 5.15.14, 5.16.0 < 5.16.1 Anonymous Bind Vulnerability

Apache ActiveMQ is prone to an anonymous bind vulnerability in the optional ActiveMQ LDAP login module. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 7.5 | AI score 8.4 | EPSS 0.09941
Exploits: 0 | References: 2

Cvelist
added 2021/01/27 12:0 a.m. | 28 views

CVE-2021-26117 ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

AI score 7.8 | EPSS 0.09941
Exploits: 0 | References: 21

RedHat Linux
added 2020/12/08 8:55 a.m. | 1 view

activemq: LDAP authentication bypass with anonymous bind

A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...

CVSS 7.5 | AI score 7.3 | EPSS 0.09941
Exploits: 0 | References: 4