Veracode Vulnerability DatabaseVERACODE:5331Authentication Bypass
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
spring-ldap-core is vulnerable to authentication bypass. If no additional attributes are bound when connecting to a LDAP server which uses BindAuthenticator with the DefaultTlsDirContextAuthenticationStrategy strategy, an attacker can set userSearch and pass a valid username with an arbitrary password to bypass the authentication strategy. This is because the LDAP bind isn’t correctly invoked.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring-ldap-core | le | 2.3.1.RELEASE |
References
access.redhat.com/errata/RHSA-2018:0319
github.com/spring-projects/spring-ldap/commit/08e8ae289bbd1b581986c7238604a147119c1336
github.com/spring-projects/spring-ldap/commit/29978442586bfe63273cae1e8139958888988c2d
github.com/spring-projects/spring-ldap/issues/430
github.com/spring-projects/spring-ldap/pull/432
lists.debian.org/debian-lts-announce/2017/11/msg00026.html
pivotal.io/security/cve-2017-8028
www.debian.org/security/2017/dsa-4046
www.oracle.com/security-alerts/cpujan2021.html
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P