PT-2011-1137 · Libuser+1 · Libuser+2
Published: 2011-01-20 · Updated: 2017-08-17
CVE-2011-0002
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
libuser versions prior to 0.57
libuser-devel versions prior to 0.57
Description
The issue allows remote attackers to obtain access by specifying certain values, such as "!!" or "x", for new LDAP user accounts, which are used as cleartext password values. This can lead to a breach of confidentiality and integrity of protected information. The exploitation of this issue can be carried out remotely.
Recommendations
For versions prior to 0.57, update to version 0.57 or later to resolve the issue.
As a temporary workaround, consider restricting access to new LDAP user accounts until a patch is available.
Avoid using the default cleartext password values "!!" or "x" for new LDAP user accounts in affected versions.
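An added example, not part of the original advisory or of the libuser project: a Python audit of an LDIF export that flags accounts whose userPassword is exactly one of the two values named above, whether stored as plain text or base64. The sample LDIF, the DNs and the function names are constructed for illustration.

```python
import base64

# Values the advisory says end up as cleartext passwords on new LDAP accounts.
WEAK_VALUES = {b"!!", b"x"}

# Constructed sample LDIF export (not taken from a real directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: !!

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: eA==

dn: uid=carol,ou=People,
 dc=example,dc=com
userPassword: {SSHA}Q29uc3RydWN0ZWRTYW1wbGVIYXNo
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attr_value(line):
    """Split 'name: value' or 'name:: base64' into (lowercased name, bytes)."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name.lower(), base64.b64decode(rest[1:].strip())
    return name.lower(), rest.strip().encode()

def find_weak_accounts(ldif_text):
    """Return DNs whose userPassword is exactly one of the placeholder values."""
    flagged, dn = [], None
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            continue
        name, value = attr_value(line)
        if name == "dn":
            dn = value.decode()
        elif name == "userpassword" and value in WEAK_VALUES and dn not in flagged:
            flagged.append(dn)
    return flagged

if __name__ == "__main__":
    print(find_weak_accounts(SAMPLE_LDIF))
```

Values carrying a hash-scheme prefix, such as the constructed {SSHA} entry, are not flagged because the match is on the exact stored value.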
Affected products
Red Hat
Libuser
Libuser-Devel