CVE-2003-0174
CRITICALIRIX < 6.5.19 - Unauthenticated Login via LDAP USERPASSWORD Attribute Bypass
Title source: llmDescription
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
References (4)
Core 4
Core References
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7442
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11860
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P
Broken Link third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-084.shtml
Scores
CVSS v3
9.8
EPSS
0.0036
EPSS Percentile
58.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-346
Status
published
Products (1)
sgi/irix
< 6.5.19
Published
May 12, 2003
Tracked Since
Feb 18, 2026