Horde Webmail up to 2.0.5 Horde_ldap Password improper authentication
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.4 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Horde Webmail up to 2.0.5 (Groupware Software). This vulnerability affects some unknown functionality of the component Horde_ldap. The manipulation of the argument Password with an unknown input leads to an improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287: when an actor claims to have a given identity, the product does not prove, or insufficiently proves, that the claim is correct. It is known to affect confidentiality and integrity. CVE summarizes:
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
The weakness was disclosed on 06/03/2014 by Matthew Daley in a confirmed mailing list posting titled [horde] SECURITY: authentication bypass in Horde_Ldap. The advisory is available at lists.horde.org. This vulnerability has been designated CVE-2014-3999 since 06/09/2014. The attack can be initiated remotely. No form of authentication is required for successful exploitation. Technical details are known, but no exploit is available. The advisory points out:
So far only certain setups have been confirmed to be exploitable: The system must use LDAP for authentication, an LDAP user must have been specified for binding (as opposed to anonymous binding), that LDAP user must have the same parent DN as the system users, and the attacker must guess the binding user's name. In this case the attacker can log in with the guessed name and an empty password. Whether this actually allows for further access to data or to the system completely depends on the individual setup. It's possible, though, that other mitigating factors exist that haven't been discovered yet.
Upgrading to version 2.0.6 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (93846).
CVSSv3
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.7
NVD Base Score: 8.1
Exploiting
Class: Improper authentication
CWE: CWE-287
ATT&CK: Unknown
Local: No
Remote: Yes
Status: Unproven
Countermeasures
Recommended: Upgrade
Upgrade: Webmail 2.0.6
Timeline
06/03/2014
06/03/2014
06/03/2014
06/03/2014
06/09/2014
06/12/2014
06/12/2014
06/22/2014
04/10/2018
06/22/2021
Sources
Vendor: horde.org
Advisory: [horde] SECURITY: authentication bypass in Horde_Ldap
Researcher: Matthew Daley
Status: Confirmed
CVE: CVE-2014-3999
X-Force: 93846 - Horde Horde_Ldap security bypass, Medium Risk
Vulnerability Center: 45076 - PHP Horde LDAP <2.0.6 Remote Security Bypass Vulnerability, Medium
SecurityFocus: 68014 - Horde_Ldap Authentication Bypass Vulnerability
Secunia: 58860 - Horde Horde_ldap Module Bind Security Bypass Security Issue, Moderately Critical
OSVDB: 107708
Entry
Created: 06/12/2014 23:31
Updated: 06/22/2021 20:12
Changes: 06/12/2014 23:31 (47), 05/31/2017 08:56 (28), 06/22/2021 20:04 (3), 06/22/2021 20:12 (11)