PT-2014-8719 · Dokuwiki · Dokuwiki

Splitbrain · Published 2014-10-22 · Updated 2016-07-15 · CVE-2014-8764

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

DokuWiki versions 2014-05-05a and earlier

Description

The issue allows remote attackers to bypass authentication when using Active Directory for LDAP authentication. This is achieved by providing a user name and password starting with a null (0) character, which triggers an anonymous bind.

Recommendations

For versions 2014-05-05a and earlier, consider disabling the use of Active Directory for LDAP authentication until a fix is available. As a temporary workaround, restrict access to the LDAP authentication module to minimize the risk of exploitation.
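
The following guard is an added example, not DokuWiki's code or its actual fix: it refuses empty or NUL-containing credentials before any LDAP simple bind is attempted, and models how such input would be classified under RFC 4513. The NUL-truncation model, the function names and the sample values are assumptions made for illustration.

```python
# Added example: pre-bind credential guard. All names here are hypothetical.
NUL = "\x00"


def as_c_string(value: str) -> str:
    """Assumed model of a C-string API: text from the first NUL onward is lost."""
    return value.split(NUL, 1)[0]


def bind_type_seen_by_server(user: str, password: str) -> str:
    """Classify an LDAP simple bind (RFC 4513, section 5.1) after truncation."""
    name, secret = as_c_string(user), as_c_string(password)
    if not secret:
        # Empty password: anonymous if the name is empty too,
        # otherwise an "unauthenticated" bind. Neither proves identity.
        return "anonymous" if not name else "unauthenticated"
    return "name/password"  # the only kind that actually checks a secret


class RejectedCredentials(ValueError):
    """Raised when input must never reach the directory server."""


def check_before_bind(user: str, password: str) -> None:
    """Raise unless both values are non-empty and free of NUL characters."""
    for label, value in (("user name", user), ("password", password)):
        if not value:
            raise RejectedCredentials(f"empty {label}")
        if NUL in value:
            raise RejectedCredentials(f"NUL character in {label}")


def login_allowed(user: str, password: str, directory_bind) -> bool:
    """directory_bind is the caller's real bind routine (hypothetical).

    It is only invoked for vetted input, so a successful anonymous or
    unauthenticated bind can never be mistaken for a successful login.
    """
    try:
        check_before_bind(user, password)
    except RejectedCredentials:
        return False
    return bool(directory_bind(user, password))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    for u, p in [("alice", "s3cret"), ("\x00alice", "\x00pw"), ("alice", "")]:
        print(repr(u), repr(p), bind_type_seen_by_server(u, p),
              login_allowed(u, p, lambda *_: True))
```
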

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2014-8764
DLA-79-1
DSA-3059-1
MGASA-2014-0438

Affected Products

Dokuwiki