Authentication Bypass

2020-04-1000:59:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

JSON

openldap is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password.

CPENameOperatorVersion
openldapeq2.3.43__3.el5
openldapeq2.3.27__8.el5_2.4
openldapeq2.3.27__8.el5_1.1
openldapeq2.3.27__8.el5_1.3
openldapeq2.3.43__3.el5
openldapeq2.3.27__8.el5_2.4
openldapeq2.3.27__8.el5_1.1
openldapeq2.3.27__8.el5_1.3

Name	Operator	Version
openldap	eq	2.3.43__3.el5
openldap	eq	2.3.27__8.el5_2.4
openldap	eq	2.3.27__8.el5_1.1
openldap	eq	2.3.27__8.el5_1.3
openldap	eq	2.3.43__3.el5
openldap	eq	2.3.27__8.el5_2.4
openldap	eq	2.3.27__8.el5_1.1
openldap	eq	2.3.27__8.el5_1.3