lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpwiki | Phpwiki | * | 1.3.13 (including) |