CVE-2010-1596
Support Incident Tracker < 3.51 - Unauthenticated Authentication Bypass via Empty LDAP Password
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
References (7)
Patch x_refsource_confirm
http://sitracker.org/wiki/ReleaseNotes351
Various Sources x_refsource_confirm
http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55871
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37949
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/61945
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38329
Various Sources x_refsource_confirm
http://bugs.sitracker.org/view.php?id=1047
Scores
EPSS: 0.0154
EPSS Percentile: 71.7%
Details
CWE: CWE-287
Status: published
Products (16)
sitracker/support_incident_tracker 3.21
sitracker/support_incident_tracker 3.22
sitracker/support_incident_tracker 3.22pl1
sitracker/support_incident_tracker 3.23
sitracker/support_incident_tracker 3.24 (2 CPE variants)
sitracker/support_incident_tracker 3.30 (2 CPE variants)
sitracker/support_incident_tracker 3.31
sitracker/support_incident_tracker 3.32
sitracker/support_incident_tracker 3.33
sitracker/support_incident_tracker 3.35 (2 CPE variants)
... and 6 more
Published: Apr 28, 2010
Tracked Since: Feb 18, 2026