CVE-2014-8764

Published: Oct 22, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication

mailing-list

x_refsource_MLIST

61983

third-party-advisory

x_refsource_SECUNIA

http://advisories.mageia.org/MGASA-2014-0438.html

x_refsource_CONFIRM

[oss-security] 20141013 CVE request: various security flaws in dokuwiki

mailing-list

x_refsource_MLIST

[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki

mailing-list

x_refsource_MLIST

DSA-3059

vendor-advisory

x_refsource_DEBIAN

https://github.com/splitbrain/dokuwiki/pull/868

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-8764

Description

Affected Products

References