Authentication Bypass in Bugzilla Affects LDAP Usernames
CVE-2012-3981

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 4 September 2012

What is CVE-2012-3981?

The vulnerability exists in the Auth/Verify/LDAP.pm component of Bugzilla, where insufficient character restrictions on usernames allow attackers to launch crafted login attempts that could manipulate an LDAP directory. This flaw exposes the system to potential data integrity risks as malicious users may exploit it to inject unauthorized data.

References

http://osvdb.org/85072

vdb-entryx_refsource_OSVDB

https://bugzilla.mozilla.org/show_bug.cgi?id=785470

x_refsource_CONFIRM

http://www.bugzilla.org/security/3.6.10/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2012
Vulnerability Reserved
Jul 11, 2012

Mozilla

What is CVE-2012-3981?

References

Timeline