CVE-2010-2940 in SSSDinfo

Summary

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/04/2010

Disclosure

08/30/2010

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-287 (Confirmed)

CVSS

5.6

EPSS

0.00237

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-2940
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2940
CVE Details	https://www.cvedetails.com/cve/CVE-2010-2940/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!