PT-2003-2379 · Unknown · Login Ldap
Published: 2003-12-31 · Updated: 2017-07-29 · CVE-2003-1434
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
login ldap versions 3.1 through 3.2
Description
The issue allows remote attackers to initiate unauthenticated bind requests under certain conditions. This can happen if bind_anon_dn is enabled, allowing a bind with no password provided, or if bind_anon_cred is enabled, allowing a bind with no DN. Additionally, if bind_anon is enabled, it allows a bind with no DN or password.
Recommendations
For versions 3.1 and 3.2, consider disabling the bind_anon_dn, bind_anon_cred, and bind_anon features to prevent unauthenticated bind requests until a patch is available. Restrict access to the login functionality to minimize the risk of exploitation.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Login Ldap