The (1) Zend_Ldap class in Zend prior to 1.12.9 and (2) Zend\Ldap component in Zend 2.x prior to 2.2.8 and 2.3.x prior to 2.3.3 allows remote malicious users to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zend zend framework |
||
zend zend framework 1.12.0 |
||
zend zend framework 2.01 |
||
zend zend framework 2.0.0 |
||
zend zend framework 1.12.5 |
||
zend zend framework 1.12.3 |
||
zend zend framework 2.2.3 |
||
zend zend framework 2.3.2 |
||
zend zend framework 2.3.1 |
||
zend zend framework 2.2.5 |
||
zend zend framework 2.2.6 |
||
zend zend framework 2.2.7 |
||
zend zend framework 1.12.2 |
||
zend zend framework 1.12.1 |
||
zend zend framework 2.2.2 |
||
zend zend framework 2.2.4 |
||
zend zend framework 2.3.0 |