PT-2019-15945 · Neuvector · Neuvector

Published: 2019-12-20 · Updated: 2020-01-03 · CVE-2019-19747

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

NeuVector version 3.1

Description

The issue allows an attacker with access to the NeuVector portal to authenticate as any valid LDAP user by providing a valid username and an empty password, given that the Active Directory server has not been configured to reject empty passwords. This occurs when NeuVector is configured to allow authentication via Active Directory.

Recommendations

For NeuVector version 3.1, consider configuring the Active Directory server to reject empty passwords as a mitigation measure. Additionally, restrict access to the NeuVector portal to minimize the risk of exploitation.
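The failure mode described above comes from treating any successful LDAP simple bind as proof of identity: a bind with a name and a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which a directory may accept. The following Go sketch is an added example, not NeuVector's code; `Binder`, `fakeDirectory`, `LoginNaive` and `LoginChecked` are hypothetical names, and the directory is a constructed in-memory stand-in so the check runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// Binder is a hypothetical stand-in for an LDAP client's simple bind call.
type Binder interface {
	SimpleBind(dn, password string) error
}

// fakeDirectory is a constructed test double, not a real directory server.
type fakeDirectory struct {
	passwords        map[string]string
	rejectEmptyBinds bool // models the server-side mitigation from the advisory
}

func (d fakeDirectory) SimpleBind(dn, password string) error {
	if password == "" && !d.rejectEmptyBinds {
		return nil // unauthenticated bind: succeeds without proving identity
	}
	if want, ok := d.passwords[dn]; ok && password != "" && want == password {
		return nil
	}
	return errors.New("bind refused")
}

// ErrEmptyCredential is returned before any request reaches the directory.
var ErrEmptyCredential = errors.New("empty username or password refused")

// LoginNaive treats any successful bind as a successful login.
func LoginNaive(b Binder, dn, password string) error { return b.SimpleBind(dn, password) }

// LoginChecked refuses empty credentials on the application side, so the
// outcome no longer depends on how the directory server is configured.
func LoginChecked(b Binder, dn, password string) error {
	if dn == "" || password == "" {
		return ErrEmptyCredential
	}
	return b.SimpleBind(dn, password)
}

func main() {
	dn := "cn=alice,dc=example,dc=test" // constructed sample entry
	dir := fakeDirectory{passwords: map[string]string{dn: "s3cret"}}
	fmt.Println("naive:", LoginNaive(dir, dn, ""), "| checked:", LoginChecked(dir, dn, ""))
}
```

The application-side check and the server-side setting are complementary: either one alone closes the empty-password path in this model, and applying both removes the dependency on a single control.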


Related identifiers

CVE-2019-19747

Affected products

Neuvector