PT-2010-4423 · Red Hat · Sssd

Ted Brunell · Published 2010-08-30 · Updated 2017-08-17 · CVE-2010-2940

CVSS v2.0

5.1 (Medium)

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SSSD version 1.3.0

Description

The issue allows remote attackers to bypass authentication requirements by providing an empty password when LDAP authentication and anonymous bind are enabled. This is due to a problem in the auth send function.

Recommendations

For SSSD version 1.3.0, consider disabling anonymous bind or restricting access to the LDAP authentication mechanism until a patch is available. As a temporary workaround, avoid using empty passwords in the affected auth send function.
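
The class of flaw described above, as an added example that is not SSSD's code and not part of the original entry: a client that treats a successful LDAP simple bind as proof of the password, next to a version that rejects empty passwords first. The server model, type names, function names, DN and password are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model, not SSSD code and not a real LDAP client API.
 * RFC 4513 section 5.1.2: a simple bind carrying a DN and a zero-length
 * password is an "unauthenticated bind", so no credential is verified. */
enum bind_result { BIND_OK, BIND_INVALID_CREDENTIALS, BIND_REJECTED_LOCALLY };

struct fake_server {
    int allow_anonymous;        /* 1 = binds without a password succeed */
    const char *real_password;  /* constructed sample credential */
};

/* Constructed sample servers used by main() below. */
static const struct fake_server ANON_SERVER = { 1, "constructed-sample-pw" };
static const struct fake_server STRICT_SERVER = { 0, "constructed-sample-pw" };

static enum bind_result server_simple_bind(const struct fake_server *srv,
                                           const char *dn, const char *pw)
{
    (void)dn; /* the model keeps one password for every DN */
    if (pw == NULL || pw[0] == '\0')
        return srv->allow_anonymous ? BIND_OK : BIND_INVALID_CREDENTIALS;
    return strcmp(pw, srv->real_password) == 0 ? BIND_OK : BIND_INVALID_CREDENTIALS;
}

/* Flawed pattern: a successful bind is taken as proof of the password. */
enum bind_result auth_unchecked(const struct fake_server *srv,
                                const char *dn, const char *pw)
{
    return server_simple_bind(srv, dn, pw);
}

/* Hardened pattern: refuse an empty password before any bind is sent. */
enum bind_result auth_checked(const struct fake_server *srv,
                              const char *dn, const char *pw)
{
    if (pw == NULL || pw[0] == '\0')
        return BIND_REJECTED_LOCALLY;
    return server_simple_bind(srv, dn, pw);
}

int main(void)
{
    const char *dn = "uid=alice,dc=example,dc=test"; /* constructed DN */
    return !(auth_unchecked(&ANON_SERVER, dn, "") == BIND_OK &&
             auth_unchecked(&STRICT_SERVER, dn, "") != BIND_OK &&
             auth_checked(&ANON_SERVER, dn, "") == BIND_REJECTED_LOCALLY);
}
```

The local check holds regardless of how the directory server is configured, which is why it complements the recommendation to disable anonymous bind.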

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2010-2940

Affected products

Sssd