CVE-2023-29484
MEDIUMTerminalfour < 8.3.16 - Incorrect Authorization via LDAP Misconfiguration
Title source: llmDescription
In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://docs.terminalfour.com/articles/security-notices/cve-2023-29484/
Release Notes
https://docs.terminalfour.com/release-notes/83/16.html
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
26.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (6)
terminalfour/terminalfour
7.4.0004 qp3
terminalfour/terminalfour
8.2.18.2.3
terminalfour/terminalfour
8.2.18.8
terminalfour/terminalfour
8.3.11.2
terminalfour/terminalfour
8.3.14.2
terminalfour/terminalfour
8.3.16
Published
Oct 16, 2023
Tracked Since
Feb 18, 2026