Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache traffic control 3.0.0 |
||
apache traffic control 3.0.1 |