CVE-2003-1434

Pete Werner Login Ldap - Authentication Bypass

Title source: rule

Description

login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.

References (3)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2003-02/0244.html

[Patch] http://www.securityfocus.com/bid/6903

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11374

Scores

EPSS 0.0049

EPSS Percentile 65.2%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

pete_werner/login_ldap

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026