Null Character Bypass Vulnerability in DokuWiki LDAP Authentication

Null Character Bypass Vulnerability in DokuWiki LDAP Authentication

CVE-2014-8763 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

Learn more about our Cis Benchmark Audit For Bind.