// For flags

CVE-2020-26542

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.

Se detectó un problema en el plugin LDAP Simple de MongoDB hasta el 2020-10-02 para Percona Server al utilizar la autenticación SimpleLDAP junto con el Directorio Activo de Microsoft, Percona ha descubierto un fallo que permitiría completar la autenticación al pasar un valor en blanco para la contraseña de la cuenta, lo que lleva a un acceso contra el servicio integrado con el que se despliega el Directorio Activo al nivel concedido a la cuenta autenticadora

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-02 CVE Reserved
  • 2020-11-09 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-09-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Percona
Search vendor "Percona"
Percona Server
Search vendor "Percona" for product "Percona Server"
<= 2020-10-02
Search vendor "Percona" for product "Percona Server" and version " <= 2020-10-02"
mongodb
Affected