CVE-2010-2940

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-08-30 20:00

Updated : 2024-02-28 11:41


NVD link : CVE-2010-2940

Mitre link : CVE-2010-2940

CVE.ORG link : CVE-2010-2940


JSON object : View

Products Affected

fedoraproject

  • sssd
CWE
CWE-287

Improper Authentication