CVE-2010-2940

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:17

Type Values Removed Values Added
References () http://secunia.com/advisories/41159 - Vendor Advisory () http://secunia.com/advisories/41159 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=625189 - () https://bugzilla.redhat.com/show_bug.cgi?id=625189 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/61399 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/61399 -

Information

Published : 2010-08-30 20:00

Updated : 2024-11-21 01:17


NVD link : CVE-2010-2940

Mitre link : CVE-2010-2940

CVE.ORG link : CVE-2010-2940


JSON object : View

Products Affected

fedoraproject

  • sssd
CWE
CWE-287

Improper Authentication