Unboundid · Unboundid Ldap Sdk · CVE-2018-1000134
Name of the Vulnerable Software and Affected Versions:
UnboundID LDAP SDK versions from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6
Description:
The issue is an Incorrect Access Control vulnerability in the `process` function of the `SimpleBindRequest` class. When running in synchronous mode, the function does not check for an empty password before sending the bind request. RFC 4513, section 5.1.1 defines a simple bind with a non-empty DN and an empty password as an "unauthenticated" bind and recommends that servers reject it by default; against servers that do not perform that additional validation, an attacker who supplies a valid username and an empty password can potentially impersonate any valid user.
Recommendations:
For UnboundID LDAP SDK versions from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, update to a version after commit 8471904a02438c03965d21367890276bc25fa5a6 to resolve the issue.
As a temporary workaround until the update can be applied, add validation on the server side that rejects simple binds with an empty password, as recommended by RFC 4513, section 5.1.1, and reject empty passwords on the client side before the bind request is sent.
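The client-side guard described above, as an added example that is not code from the UnboundID LDAP SDK or from the advisory: it refuses to send a simple bind whose DN is non-empty but whose password is empty, so an application remains protected even against a server that accepts unauthenticated binds. The class name `SafeSimpleBind` and the method `bindOrFail` are assumptions chosen for this example; the SDK types used (`LDAPConnection`, `SimpleBindRequest`, `BindResult`, `LDAPException`, `ResultCode`) are the SDK's own.

```java
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SimpleBindRequest;

// Hypothetical wrapper (not part of the SDK) that applies the empty-password
// check before the request reaches SimpleBindRequest.process.
public final class SafeSimpleBind {

  private SafeSimpleBind() {}

  // Returns the BindResult on success; throws instead of sending the request
  // when the caller supplies a non-empty DN together with an empty password.
  // RFC 4513 section 5.1.1 calls such a request an "unauthenticated" bind,
  // and a server that accepts it would return success without verifying
  // any credential for the named user.
  public static BindResult bindOrFail(LDAPConnection conn, String bindDN,
      String password) throws LDAPException {
    boolean dnGiven = bindDN != null && !bindDN.isEmpty();
    boolean passwordEmpty = password == null || password.isEmpty();
    if (dnGiven && passwordEmpty) {
      throw new LDAPException(ResultCode.PARAM_ERROR,
          "Refusing simple bind with an empty password for DN '" + bindDN
              + "' (RFC 4513 section 5.1.1 unauthenticated bind)");
    }
    return conn.bind(new SimpleBindRequest(bindDN, password));
  }

  // Usage sketch; host, port and DN are constructed placeholders.
  public static void main(String[] args) throws LDAPException {
    try (LDAPConnection conn = new LDAPConnection("ldap.example.test", 389)) {
      // This call throws PARAM_ERROR locally; nothing is sent to the server.
      bindOrFail(conn, "uid=alice,ou=people,dc=example,dc=test", "");
    }
  }
}
```

Returning a `PARAM_ERROR` locally keeps the failure visible to the application and its logs, which is where an attempt to authenticate with an empty password should be recorded.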