Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
login_ldap模块未授权访问漏洞
Vulnerability Description
login_ldap是一款BSD验证模块,可以与LDAP服务器协同使用进行验证,运行在OpenBSD和BSD/OS操作系统下。 login_ldap模块用于特定LDAP服务配置的情况下存在漏洞,远程攻击者可以利用这个漏洞不使用口令访问受此漏洞影响的运行login_ldap的系统。 LDAP支持"简单"方式,"简单"方式支持三种绑定操作:匿名、非认证、认证。匿名操作方式不需要提供用户名和口令获取匿名访问权限,非认证方式只需要提供用户名不需要口令,认证方式用户名和口令都需要。 匿名绑定可导致匿名授权,匿名绑定
CVSS Information
N/A
Vulnerability Type
N/A