The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
02/07/2014
by Cherokee-Project
4 years ago
by Fedoraproject
a month ago
by Mageia Project
9 years ago
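The unauthenticated-bind condition named in the description, shown as an added example that is not Cherokee's code: a validator that treats bind success as proof of identity next to one that only forwards a name/password bind. The server stub `fake_simple_bind`, the DN and the password are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4513 section 5.1: the kind of simple bind depends on which fields are empty. */
typedef enum { BIND_ANONYMOUS, BIND_UNAUTHENTICATED, BIND_NAME_PASSWORD, BIND_MALFORMED } bind_kind;

static int is_empty(const char *s) { return s == NULL || s[0] == '\0'; }

bind_kind classify_simple_bind(const char *dn, const char *password)
{
    if (is_empty(password))
        return is_empty(dn) ? BIND_ANONYMOUS : BIND_UNAUTHENTICATED;
    return is_empty(dn) ? BIND_MALFORMED : BIND_NAME_PASSWORD;
}

/* Constructed stand-in for a directory server that accepts unauthenticated
 * binds. Returns an LDAP result code: 0 = success, 49 = invalidCredentials. */
static int fake_simple_bind(const char *dn, const char *password)
{
    (void)dn;
    if (is_empty(password))
        return 0;                       /* success, but the session is anonymous */
    return strcmp(password, "correct-horse") == 0 ? 0 : 49;
}

/* Flawed pattern: a successful bind is taken as proof of the user's identity. */
int check_naive(const char *dn, const char *password)
{
    return fake_simple_bind(dn, password) == 0;
}

/* Hardened pattern: anything other than a name/password bind is refused
 * locally and never reaches the server. */
int check_hardened(const char *dn, const char *password)
{
    if (classify_simple_bind(dn, password) != BIND_NAME_PASSWORD)
        return 0;
    return fake_simple_bind(dn, password) == 0;
}

int main(void)
{
    const char *dn = "uid=alice,ou=people,dc=example,dc=org";   /* constructed DN */
    printf("naive,    empty password: %d\n", check_naive(dn, ""));
    printf("hardened, empty password: %d\n", check_hardened(dn, ""));
    printf("hardened, right password: %d\n", check_hardened(dn, "correct-horse"));
    return 0;
}
```

Rejecting the empty password in the validator is independent of server configuration; disabling unauthenticated binds on the directory server closes the same gap from the other side.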