bind.cpp in back-ndb in OpenLDAP 2.4.x prior to 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote malicious users to bypass intended access restrictions via an arbitrary password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openldap openldap 2.4.7 |
||
openldap openldap 2.4.6 |
||
openldap openldap 2.4.15 |
||
openldap openldap 2.4.20 |
||
openldap openldap 2.4.22 |
||
openldap openldap 2.4.8 |
||
openldap openldap 2.4.17 |
||
openldap openldap 2.4.14 |
||
openldap openldap 2.4.13 |
||
openldap openldap 2.4.12 |
||
openldap openldap 2.4.11 |
||
openldap openldap 2.4.21 |
||
openldap openldap 2.4.18 |
||
openldap openldap 2.4.10 |
||
openldap openldap 2.4.9 |
||
openldap openldap 2.4.16 |
||
openldap openldap 2.4.19 |
||
openldap openldap 2.4.23 |