CVE-2005-2654

Properties

Published:
29.08.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
phpldapadmin: phpldapadmin

Vulnerability description

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.

References:

DEBIAN: http://www.debian.org/security/2005/dsa-790
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml