Back to search
CVE-2010-2940
Published: Aug 30, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
sssd-ldap-security-bypass(61399)
vdb-entry
x_refsource_XF
41159
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=625189
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now