Published: 22/10/2014 Updated: 15/07/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

DokuWiki prior to 2014-05-05b, when using Active Directory for LDAP authentication, allows remote malicious users to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dokuwiki dokuwiki
mageia project mageia 4.0
mageia project mageia 3.0

Debian Bug report logs - #766545 CVE-2014-8763 CVE-2014-8764 Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 23 Oct 2014 21:12:19 UTC Severity: important Tags: ...

Debian Bug report logs - #773429 dokuwiki: CVE-2014-9253 Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 18 Dec 2014 10:09:02 UTC Severity: important Tags: secu ...

Two vulnerabilities have been discovered in dokuwiki Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication For the stable distribution (wheezy), these problems have been fixed in version 0020120125b-2+deb7u1 For the unstable distribution (sid), ...

CWE-287 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://www.openwall.com/lists/oss-security/2014/10/13/3 https://github.com/splitbrain/dokuwiki/pull/868 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.debian.org/security/2014/dsa-3059 http://secunia.com/advisories/61983 http://advisories.mageia.org/MGASA-2014-0438.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766545 https://www.debian.org/security/./dsa-3059

CVE-2014-8763

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect