Description
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics (an LDAP simple bind with a non-empty DN and an empty password is treated by the directory server as an anonymous bind and is answered with success), which allows remote attackers to bypass authentication via an empty password.
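The following is an added example written for this page, not code from Cherokee's validator_ldap.c. It simulates the relevant LDAP simple-bind behaviour in Python (the server answers a bind with a non-empty DN and an empty password with success, as an anonymous bind) and places a validator that treats any successful bind as an authenticated user next to one that rejects empty credentials before contacting the server. The names simulated_simple_bind, vulnerable_check and hardened_check and the constructed directory entry are assumptions of the example, not identifiers from Cherokee.

```python
# Added illustration, not Cherokee's code. Simulates a directory server that
# honours LDAP "unauthenticated" binds (DN present, password empty) and shows
# why a validator must refuse empty passwords itself.

SUCCESS = 0              # LDAP resultCode success
INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials

# Constructed sample directory: DN -> password (assumed values for the example)
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": "correct horse battery staple",
}


def simulated_simple_bind(dn: str, password: str) -> int:
    """Stand-in for a directory server that permits unauthenticated binds.

    A bind with a non-empty DN and an empty password is an anonymous bind:
    the server reports success without checking the DN or any password.
    """
    if password == "":
        return SUCCESS
    if DIRECTORY.get(dn) == password:
        return SUCCESS
    return INVALID_CREDENTIALS


def vulnerable_check(dn: str, password: str, bind=simulated_simple_bind) -> bool:
    """Pattern described in the advisory: any successful bind is taken as
    proof that the user supplied the right password."""
    return bind(dn, password) == SUCCESS


def hardened_check(dn: str, password: str, bind=simulated_simple_bind) -> bool:
    """Reject empty (or whitespace-only) credentials before ever binding, so an
    anonymous bind result can never be mistaken for authentication."""
    if not dn or password.strip() == "":
        return False
    return bind(dn, password) == SUCCESS


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"
    print("vulnerable, empty password:", vulnerable_check(alice, ""))   # True
    print("hardened,   empty password:", hardened_check(alice, ""))     # False
    print("hardened,   real password: ",
          hardened_check(alice, "correct horse battery staple"))        # True
```

The client-side check is the robust fix because directory servers differ in whether they accept unauthenticated binds, and an application should not depend on every server it may be pointed at being configured to refuse them. Defensively, a successful bind against an empty password in application logs is the signal to look for.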
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5078)
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)
PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2023-5869)
WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)