OpenLDAP 2.4.x Root Distinguished Name Authentication Bypass Vulnerability
CVE-2011-1025 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
Learn more about our Web Application Penetration Testing UK.