// For flags

CVE-2011-1025

openldap: rootpw not verified via slapd.conf when using the NDB backend

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.

bind.cpp en back-ndb en OpenLDAP v2.4.x anteriores a v2.4.24 no requiere autenticación para el Distinguished Name (DN), lo que permite a atacantes remotos evitar las restricciones de acceso previsto a través de una contraseña arbitraria.

It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-02-14 CVE Reserved
  • 2011-03-20 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.6
Search vendor "Openldap" for product "Openldap" and version "2.4.6"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.7
Search vendor "Openldap" for product "Openldap" and version "2.4.7"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.8
Search vendor "Openldap" for product "Openldap" and version "2.4.8"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.9
Search vendor "Openldap" for product "Openldap" and version "2.4.9"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.10
Search vendor "Openldap" for product "Openldap" and version "2.4.10"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.11
Search vendor "Openldap" for product "Openldap" and version "2.4.11"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.12
Search vendor "Openldap" for product "Openldap" and version "2.4.12"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.13
Search vendor "Openldap" for product "Openldap" and version "2.4.13"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.14
Search vendor "Openldap" for product "Openldap" and version "2.4.14"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.15
Search vendor "Openldap" for product "Openldap" and version "2.4.15"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.16
Search vendor "Openldap" for product "Openldap" and version "2.4.16"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.17
Search vendor "Openldap" for product "Openldap" and version "2.4.17"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.18
Search vendor "Openldap" for product "Openldap" and version "2.4.18"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.19
Search vendor "Openldap" for product "Openldap" and version "2.4.19"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.20
Search vendor "Openldap" for product "Openldap" and version "2.4.20"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.21
Search vendor "Openldap" for product "Openldap" and version "2.4.21"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.22
Search vendor "Openldap" for product "Openldap" and version "2.4.22"
-
Affected
Openldap
Search vendor "Openldap"
 Openldap
Search vendor "Openldap" for product "Openldap"
 2.4.23
Search vendor "Openldap" for product "Openldap" and version "2.4.23"
-
Affected