CVE-2011-1024
Description
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.247
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2011:0347) Moderate: openldap security update compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm | Linux |
| (RHSA-2011:0347) Moderate: openldap security update compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm | Linux |
| CVE-2011-1024 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234