Authentication Bypass in Zend Framework Components from Zend
CVE-2014-8088

Currently unrated

Key Information:

Vendor

Zend

Status
Zend Framework
Vendor
CVE Published:
22 October 2014

What is CVE-2014-8088?

The Zend Framework contains a vulnerability in the Zend_Ldap class and component, which permits remote attackers to bypass authentication mechanisms. This is achieved when a password begins with a null byte, resulting in an unauthenticated bind. This loophole could potentially enable malicious actors to gain unauthorized access to systems that rely on vulnerable versions of the framework.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2014/10/10/5
mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.