CVE-2011-1025
openldap: rootpw not verified via slapd.conf when using the NDB backend
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
bind.cpp en back-ndb en OpenLDAP v2.4.x anteriores a v2.4.24 no requiere autenticación para el Distinguished Name (DN), lo que permite a atacantes remotos evitar las restricciones de acceso previsto a través de una contraseña arbitraria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-02-14 CVE Reserved
- 2011-03-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
http://openwall.com/lists/oss-security/2011/02/24/12 | Mailing List | |
http://openwall.com/lists/oss-security/2011/02/25/13 | Mailing List | |
http://secunia.com/advisories/43718 | Third Party Advisory | |
http://securitytracker.com/id?1025190 | Vdb Entry | |
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661 | X_refsource_confirm | |
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8 | 2017-01-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=680472 | 2011-03-10 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43331 | 2017-01-07 | |
http://security.gentoo.org/glsa/glsa-201406-36.xml | 2017-01-07 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056 | 2017-01-07 | |
http://www.redhat.com/support/errata/RHSA-2011-0347.html | 2017-01-07 | |
http://www.ubuntu.com/usn/USN-1100-1 | 2017-01-07 | |
http://www.vupen.com/english/advisories/2011/0665 | 2017-01-07 | |
https://access.redhat.com/security/cve/CVE-2011-1025 | 2011-03-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.6 Search vendor "Openldap" for product "Openldap" and version "2.4.6" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.7 Search vendor "Openldap" for product "Openldap" and version "2.4.7" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.8 Search vendor "Openldap" for product "Openldap" and version "2.4.8" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.9 Search vendor "Openldap" for product "Openldap" and version "2.4.9" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.10 Search vendor "Openldap" for product "Openldap" and version "2.4.10" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.11 Search vendor "Openldap" for product "Openldap" and version "2.4.11" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.12 Search vendor "Openldap" for product "Openldap" and version "2.4.12" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.13 Search vendor "Openldap" for product "Openldap" and version "2.4.13" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.14 Search vendor "Openldap" for product "Openldap" and version "2.4.14" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.15 Search vendor "Openldap" for product "Openldap" and version "2.4.15" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.16 Search vendor "Openldap" for product "Openldap" and version "2.4.16" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.17 Search vendor "Openldap" for product "Openldap" and version "2.4.17" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.18 Search vendor "Openldap" for product "Openldap" and version "2.4.18" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.19 Search vendor "Openldap" for product "Openldap" and version "2.4.19" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.20 Search vendor "Openldap" for product "Openldap" and version "2.4.20" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.21 Search vendor "Openldap" for product "Openldap" and version "2.4.21" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.22 Search vendor "Openldap" for product "Openldap" and version "2.4.22" | - |
Affected
| ||||||
Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.23 Search vendor "Openldap" for product "Openldap" and version "2.4.23" | - |
Affected
|