OpenLDAP 2.4.x Root Distinguished Name Authentication Bypass Vulnerability

CVE-2011-1025 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
