Remote Authentication Vulnerability in F5 BIG-IQ Cloud and ADC Products
CVE-2015-4637

Currently unrated

Key Information:

Vendor
F5
Status
Big-iq Security
Big-iq Device
Big-iq Cloud
Big-iq Adc
Vendor
CVE Published:
16 July 2015

Summary

The F5 BIG-IQ Cloud and ADC products are susceptible to a remote authentication vulnerability when configured for LDAP remote authentication. If the LDAP server permits anonymous BIND operations, this flaw enables remote attackers to exploit the system by guessing the LDAP user account names, thereby obtaining authentication tokens for arbitrary users. This vulnerability compromises user account security and can lead to unauthorized access.

References

https://support.f5.com/kb/en-us/solutions/public/16000/80...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.