PT-2011-3218 · IBM · IBM AIX

Published: 2011-04-05 · Updated: 2011-04-05 · CVE-2011-1561

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: IBM AIX version 6.1 with bos.rte.security version 6.1.6.4

Description: The issue concerns the LDAP login feature in IBM AIX. When ldap_auth is enabled in ldap.cfg, it allows remote attackers to bypass authentication by attempting a login with an arbitrary password.

Recommendations: For IBM AIX version 6.1 with bos.rte.security version 6.1.6.4, consider disabling the LDAP login feature until a fix is available. Restrict access to the ldap_auth configuration in ldap.cfg to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2011-1561

Affected Products: IBM AIX