CVE Vulnerabilities

CVE-2011-1024

Published: Mar 20, 2011 | Modified: Jan 07, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.

Affected Software

Name Vendor Start Version End Version
Openldap Openldap 2.4.17 2.4.17
Openldap Openldap 2.4.6 2.4.6
Openldap Openldap 2.4.11 2.4.11
Openldap Openldap 2.4.8 2.4.8
Openldap Openldap 2.4.9 2.4.9
Openldap Openldap 2.4.16 2.4.16
Openldap Openldap 2.4.22 2.4.22
Openldap Openldap 2.4.20 2.4.20
Openldap Openldap 2.4.15 2.4.15
Openldap Openldap 2.4.18 2.4.18
Openldap Openldap 2.4.7 2.4.7
Openldap Openldap 2.4.23 2.4.23
Openldap Openldap 2.4.14 2.4.14
Openldap Openldap 2.4.19 2.4.19
Openldap Openldap 2.4.12 2.4.12
Openldap Openldap 2.4.21 2.4.21
Openldap Openldap 2.4.13 2.4.13
Openldap Openldap 2.4.10 2.4.10

References