CVE-2010-2940
published 2010-08-30
medium 5.1 CVSS 3.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | < sssd 1.2.1-4 (bookworm) | sssd 1.2.1-4 (bookworm) |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | >= 0 < 1.2.1-4 | 1.2.1-4 |
| fedoraproject | sssd | >= 0 < 1.2.1-4 | 1.2.1-4 |
| fedoraproject | sssd | >= 0 < 1.2.1-4 | 1.2.1-4 |
| fedoraproject | sssd | >= 0 < 1.2.1-4 | 1.2.1-4 |
CVSS provenance
nvd 5.1 MEDIUM AV:N/AC:H/Au:N/C:P/I:P/A:P
osv 5.1 MEDIUM