The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x prior to 4.0.3, and Jet Enterprise 4.x up to and including 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hazelcast hazelcast |
||
hazelcast jet |