CVE-2007-3193

CVE-2007-3193 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

Learn more about our Cis Benchmark Audit For Bind.