Vulnerability: Unauthorized replace Action in OpenLDAP Allows Deletion of Protected Attributes

Vulnerability: Unauthorized replace Action in OpenLDAP Allows Deletion of Protected Attributes

CVE-2002-0045 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

Learn more about our User Device Pen Test.