CVE-2005-2654

Name of the Vulnerable Software and Affected Versions phpldapadmin versions prior to 0.9.6c

Description The issue allows remote attackers to gain anonymous access to the LDAP server, even when disable anon bind is set. This can be achieved via an HTTP request to "login.php" with the anonymous bind parameter set.

Recommendations For versions prior to 0.9.6c, update to version 0.9.6c or later to resolve the issue. As a temporary workaround, consider restricting access to the "login.php" endpoint until a patch is available.