The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-08-30T19:00:00

Updated: 2024-08-07T02:55:45.482Z

Reserved: 2010-08-04T00:00:00

Link: CVE-2010-2940

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-08-30T20:00:02.390

Modified: 2024-11-21T01:17:41.927

Link: CVE-2010-2940

cve-icon Redhat

Severity : Important

Publid Date: 2010-08-24T00:00:00Z

Links: CVE-2010-2940 - Bugzilla