Unauthorized Access Vulnerability in login_ldap by PHP Group
CVE-2003-1434

Currently unrated

Key Information:

Vendor

Pete Werner

Status
Login Ldap
Vendor
CVE Published:
31 December 2003

What is CVE-2003-1434?

The login_ldap module versions 3.1 and 3.2 for PHP enables remote attackers to initiate unauthenticated bind requests. This vulnerability arises from misconfigurations that allow operations without proper credentials. Specifically, if 'bind_anon_dn' is enabled, attackers can execute binds without a password; if 'bind_anon_cred' is active, binds can occur with no distinguished name (DN); and if 'bind_anon' is turned on, binds can exploit the absence of both DN and password. Proper security configurations are essential to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/6903
vdb-entryx_refsource_BID
http://archives.neohapsis.com/archives/bugtraq/2003-02/02...
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/11374
vdb-entryx_refsource_XF

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.