
Splitbrain

#22261 of 53,608
Total CVSS: 10
Vulnerabilities · 2
Medium: 2
PT-2014-8718
5.0
2014-10-22
Andreas Gohr · Dokuwiki · CVE-2014-8763
**Name of the Vulnerable Software and Affected Versions**

DokuWiki versions prior to 2014-05-05b

**Description**

The issue allows remote attackers to bypass authentication when DokuWiki uses Active Directory for LDAP authentication. This is achieved by using a password that starts with a null (`\0`) character and a valid user name, resulting in an unauthenticated bind.

**Recommendations**

For versions prior to 2014-05-05b, update to a version that includes the fix for this issue to prevent authentication bypass.
PT-2014-8719
5.0
2014-10-22
Dokuwiki · Dokuwiki · CVE-2014-8764
**Name of the Vulnerable Software and Affected Versions**

DokuWiki versions 2014-05-05a and earlier

**Description**

The issue allows remote attackers to bypass authentication when using Active Directory for LDAP authentication. This is achieved by providing a user name and password starting with a null (`\0`) character, which triggers an anonymous bind.

**Recommendations**

For versions 2014-05-05a and earlier, consider disabling the use of Active Directory for LDAP authentication until a fix is available. As a temporary workaround, restrict access to the LDAP authentication module to minimize the risk of exploitation.