Couchbase Server 6.5.x and 6.6.x through 6.6.2 Vulnerability: Incorrect Access Control for Externally Managed Users

CVE-2021-35943 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC 4513.