Red Hat · Sssd · CVE-2010-2940
**Name of the Vulnerable Software and Affected Versions**
SSSD version 1.3.0
**Description**
The issue allows remote attackers to bypass authentication requirements by providing an empty password when LDAP authentication and anonymous bind are enabled. The flaw is in the `auth_send` function.
**Recommendations**
For SSSD version 1.3.0, consider disabling anonymous bind or restricting access to the LDAP authentication mechanism until a patch is available. As a temporary workaround, avoid passing empty passwords to the affected `auth_send` function.
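
An added example (not SSSD's code) of the failure mode in the description and of the empty-password guard from the recommendations. `mock_simple_bind`, the DN and the password are constructed stand-ins for a directory server with anonymous bind enabled; both `authenticate_*` functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* LDAP result codes: 0 = success, 49 = invalidCredentials. */
enum bind_result { BIND_OK = 0, BIND_INVALID_CREDENTIALS = 49 };

static const char *DEMO_DN = "uid=alice,ou=people,dc=example,dc=com"; /* constructed */
static const char *DEMO_PW = "correct horse";                          /* constructed */

/* Constructed stand-in for a server with anonymous bind enabled. Under
 * RFC 4513 a simple bind with a zero-length password is an anonymous or
 * unauthenticated bind: the server does not compare it against the
 * entry's stored credentials, so the bind itself succeeds. */
enum bind_result mock_simple_bind(const char *dn, const char *pw)
{
    if (dn == NULL || pw == NULL || pw[0] == '\0')
        return BIND_OK;
    if (strcmp(dn, DEMO_DN) == 0 && strcmp(pw, DEMO_PW) == 0)
        return BIND_OK;
    return BIND_INVALID_CREDENTIALS;
}

/* Flawed pattern: a successful bind is taken as proof of identity. */
int authenticate_unchecked(const char *dn, const char *pw)
{
    return mock_simple_bind(dn, pw) == BIND_OK;
}

/* Hardened pattern: refuse empty credentials before any bind is sent. */
int authenticate_checked(const char *dn, const char *pw)
{
    if (dn == NULL || dn[0] == '\0' || pw == NULL || pw[0] == '\0')
        return 0;
    return mock_simple_bind(dn, pw) == BIND_OK;
}

int main(void)
{
    printf("unchecked, empty password: %d\n", authenticate_unchecked(DEMO_DN, ""));
    printf("checked,   empty password: %d\n", authenticate_checked(DEMO_DN, ""));
    printf("checked,   right password: %d\n", authenticate_checked(DEMO_DN, DEMO_PW));
    printf("checked,   wrong password: %d\n", authenticate_checked(DEMO_DN, "nope"));
    return 0;
}
```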