PT-2011-1137 · Libuser+1 · Libuser+2

Published: 2011-01-20 · Updated: 2017-08-17 · CVE-2011-0002

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

libuser versions prior to 0.57
libuser-devel versions prior to 0.57

Description

Affected versions use certain values, such as !! or x, as cleartext password values for new LDAP user accounts, so a remote attacker can obtain access by specifying one of these values. This can lead to a breach of confidentiality and integrity of protected information. The issue can be exploited remotely.

Recommendations

For versions prior to 0.57, update to version 0.57 or later to resolve the issue. As a temporary workaround, consider restricting access to new LDAP user accounts until a patch is available. Avoid using the default cleartext password values !! or x for new LDAP user accounts in affected versions.
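
An added example, not part of the original advisory or of libuser's code: a defender-side audit of an LDIF export that reports accounts whose userPassword is exactly one of the values the description names. The sample LDIF, the DNs and the function names are constructed for illustration.

```python
import base64

# Values the advisory names as cleartext passwords on new LDAP accounts.
PLACEHOLDERS = {b"!!", b"x"}

# Constructed sample export (not real data); bob's value is base64 for "!!".
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
userPassword: {SSHA}constructed-hash-value

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
userPassword:: ISE=

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
userPassword: x
"""

def parse_ldif(text):
    """Yield (dn, {attr: [bytes, ...]}) for each entry in an LDIF export."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = []
        for raw in block.split("\n"):
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold a continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, sep, rest = line.partition(":")
            if not sep:
                continue
            if rest.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            if name.lower() == "dn":
                dn = value.decode(errors="replace")
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def find_placeholder_passwords(ldif_text):
    """Return (dn, value) where userPassword is exactly a placeholder value."""
    return [(dn, v.decode()) for dn, attrs in parse_ldif(ldif_text)
            for v in attrs.get("userpassword", []) if v in PLACEHOLDERS]
```

Accounts it reports should have their password reset or be locked through the directory's own mechanism once libuser has been updated to 0.57 or later.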

Weakness Enumeration

Related Identifiers

BDU:2015-07155
BDU:2015-07156
BDU:2015-07157
BDU:2015-07158
BDU:2015-08672
BDU:2015-08673
BDU:2015-08674
BDU:2015-08675
CVE-2011-0002
RHSA-2011:0170
RHSA-2011_0170

Affected Products

Red Hat
Libuser
Libuser-Devel