Remote Authentication Vulnerability in F5 BIG-IQ Cloud and ADC Products
CVE-2015-4637
Currently unrated
Key Information:
- Vendor
- F5
- Vendor
- CVE Published:
- 16 July 2015
Summary
The F5 BIG-IQ Cloud and ADC products are susceptible to a remote authentication vulnerability when configured for LDAP remote authentication. If the LDAP server permits anonymous BIND operations, this flaw enables remote attackers to exploit the system by guessing the LDAP user account names, thereby obtaining authentication tokens for arbitrary users. This vulnerability compromises user account security and can lead to unauthorized access.
References
Timeline
Vulnerability published
Vulnerability Reserved