Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-09 17:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-12405
Mitre link : CVE-2019-12405
CVE.ORG link : CVE-2019-12405
JSON object : View
Products Affected
apache
- traffic_control
CWE
CWE-287
Improper Authentication