|
Family: CGI abuses --> Category: attack
phpLDAPadmin Anonymous Bind Security Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for anonymous bind security bypass vulnerability in phpLDAPadmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an authentication bypass issue.
Description :
The remote host is running phpLDAPadmin, a PHP-based LDAP browser.
The version of phpLDAPadmin installed on the remote host may allow
access to an LDAP server anonymously, even if anonymous binds have
been disabled in the application's configuration.
See also :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
http://www.nessus.org/u?4e9c6bc8
Solution :
Upgrade to phpLDAPadmin 0.9.7-rc1 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|