CVE-2007-3193

Name of the Vulnerable Software and Affected Versions: PhpWiki versions prior to 1.3.13p1

Description: The issue allows remote attackers to bypass authentication via an empty password. This occurs when the configuration lacks a nonzero PASSWORD LENGTH MINIMUM, causing ldap bind to return true with certain LDAP implementations.

Recommendations: For versions prior to 1.3.13p1, update to version 1.3.13p1 or later to resolve the issue. As a temporary workaround, consider setting a nonzero PASSWORD LENGTH MINIMUM in the configuration to prevent empty passwords from being used.