lib/WikiUser/LDAP.php in PhpWiki prior to 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote malicious users to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpwiki phpwiki |