Bypassing Username-Based ACLs in Squid 2.5 and Earlier via Leading or Trailing Spaces

Bypassing Username-Based ACLs in Squid 2.5 and Earlier via Leading or Trailing Spaces

CVE-2005-0173 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Learn more about our Cis Benchmark Audit For Server Software.