Security Flaw in System Security Services Daemon Leading to LDAP Authentication Bypass
CVE-2010-2940

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Sssd
Vendor: CVE Published:; 30 August 2010

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2010-2940?

A vulnerability in the authentication process of the System Security Services Daemon (SSSD) version 1.3.0 permits remote attackers to compromise security by bypassing authentication requirements when LDAP authentication and anonymous binds are enabled. This exploitation occurs through the use of an empty password, allowing unauthorized access to systems that rely on SSSD for LDAP authentication.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/61399

vdb-entryx_refsource_XF

http://secunia.com/advisories/41159

third-party-advisoryx_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=625189

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2010
Vulnerability Reserved
Aug 4, 2010