CVE-2007-3193

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://osvdb.org/37219
http://secunia.com/advisories/25595 Patch Vendor Advisory
http://secunia.com/advisories/26784
http://secunia.com/advisories/26880
http://security.gentoo.org/glsa/glsa-200709-10.xml
http://sourceforge.net/project/shownotes.php?release_id=514820
http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121
http://www.debian.org/security/2007/dsa-1371
http://www.vupen.com/english/advisories/2007/2144
https://exchange.xforce.ibmcloud.com/vulnerabilities/34819
http://osvdb.org/37219
http://secunia.com/advisories/25595 Patch Vendor Advisory
http://secunia.com/advisories/26784
http://secunia.com/advisories/26880
http://security.gentoo.org/glsa/glsa-200709-10.xml
http://sourceforge.net/project/shownotes.php?release_id=514820
http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121
http://www.debian.org/security/2007/dsa-1371
http://www.vupen.com/english/advisories/2007/2144
https://exchange.xforce.ibmcloud.com/vulnerabilities/34819
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpwiki:phpwiki:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://osvdb.org/37219 - () http://osvdb.org/37219 -
References () http://secunia.com/advisories/25595 - Patch, Vendor Advisory () http://secunia.com/advisories/25595 - Patch, Vendor Advisory
References () http://secunia.com/advisories/26784 - () http://secunia.com/advisories/26784 -
References () http://secunia.com/advisories/26880 - () http://secunia.com/advisories/26880 -
References () http://security.gentoo.org/glsa/glsa-200709-10.xml - () http://security.gentoo.org/glsa/glsa-200709-10.xml -
References () http://sourceforge.net/project/shownotes.php?release_id=514820 - () http://sourceforge.net/project/shownotes.php?release_id=514820 -
References () http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121 - () http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121 -
References () http://www.debian.org/security/2007/dsa-1371 - () http://www.debian.org/security/2007/dsa-1371 -
References () http://www.vupen.com/english/advisories/2007/2144 - () http://www.vupen.com/english/advisories/2007/2144 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34819 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34819 -
Information

Published : 2007-06-12 23:30

Updated : 2024-11-21 00:32

NVD link : CVE-2007-3193

Mitre link : CVE-2007-3193

CVE.ORG link : CVE-2007-3193

JSON object : View

Products Affected

phpwiki

  • phpwiki
CWE
NVD-CWE-Other