25 matches found
Authentication Bypass
github.com/hashicorp/terraform-provider-vault is vulnerable to Authentication Bypass. The vulnerability is due to the default denynullbind parameter being set to false in the LDAP auth method, which allows an attacker to authenticate using anonymous or unauthenticated binds when the LDAP server...
Authentication Bypass
org.apache.druid.extensions:druid-basic-security is vulnerable to an Authentication Bypass. The vulnerability is due to improper validation of LDAP authentication responses when anonymous binds are permitted, which allows an attacker to bypass authentication by supplying an existing username with...
CVE-2026-23906
Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...
CVE-2026-23906
Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...
CVE-2025-13357
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
EUVD-2025-198491
Vault’s Terraform Provider incorrectly set default denynullbind parameter for LDAP auth method to false by default...
Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-13357
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-13357 Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-13357 Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
PT-2025-47785
Name of the Vulnerable Software and Affected Versions Vault Terraform Provider versions prior to 5.5.0 Description The Vault Terraform Provider was configured with an insecure default setting for the LDAP auth method. Specifically, the deny null bind parameter defaulted to false, which could allo...
EUVD-2006-0426
Malware in sbrugna...
SUSE CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password...
Improper Authentication in Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
GHSA-GV9V-C375-HVMG Improper Authentication in Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
activemq: LDAP authentication bypass with anonymous bind
A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider zero length DN/password and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. The highest threat from this vulnerability ...
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
Design/Logic Flaw
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password...