CVE-2020-26542Improper Authentication in Server

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Percona Server
Timeline
PublishedNov 9
Latest updateMay 24

Description

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDpercona/percona_server2020-10-02

🔴Vulnerability Details

2
GHSA
GHSA-q88m-4hg8-4h3h: An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunctio2022-05-24
CVEList
CVE-2020-26542: An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunctio2020-11-09
CVE-2020-26542 — Improper Authentication in Server | cvebase