Skip to main content

Mageia CVE-2014-8764

MEDIUM
Improper Authentication (CWE-287)
2014-10-22 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 22, 2014 - 14:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

AnalysisAI

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. Affected products include: Mageia Project Mageia, Dokuwiki.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

More in Mageia

View all
CVE-2014-9274 HIGH POC
7.5 Dec 09

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated b

CVE-2014-5461 MEDIUM POC
5.0 Sep 04

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attacker

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

CVE-2014-7204 MEDIUM POC
5.0 Oct 07

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk co

CVE-2014-9087 HIGH
7.5 Dec 01

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to

CVE-2014-8117 MEDIUM
5.0 Dec 17

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of se

CVE-2014-8116 MEDIUM
5.0 Dec 17

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or

CVE-2013-4159 HIGH
7.5 Aug 06

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related

CVE-2014-9037 MEDIUM
6.8 Nov 25

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obt

CVE-2014-8104 MEDIUM
6.8 Dec 03

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause

CVE-2014-3429 MEDIUM
6.8 Aug 07

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote att

CVE-2015-2296 MEDIUM
6.8 Mar 18

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session

Share

CVE-2014-8764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy