Vulnerabilities

CVE-2007-3193

by Fred · 12/06/2007

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

Date published : 2007-06-12

http://sourceforge.net/project/shownotes.php?release_id=514820

http://www.debian.org/security/2007/dsa-1371

Similar

Tags: Cybersecurity Alert