DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (0) character and a valid user name, which triggers an unauthenticated bind.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dokuwiki | Dokuwiki | * | 2014-05-05a (including) |