CVE-2020-26168

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:jet:*:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2020-11-09 22:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-26168

Mitre link : CVE-2020-26168

CVE.ORG link : CVE-2020-26168


JSON object : View

Products Affected

hazelcast

  • jet
  • hazelcast
CWE
CWE-287

Improper Authentication