Your submission was sent successfully! Close

CVE-2010-2940

Published: 30 August 2010

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.

Priority

Medium

Status

Package Release Status
sssd
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.1-4)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1.2.1-4)