oss-sec mailing list archives
CVE request: MantisBT Null byte poisoning in LDAP authentication
From: Damien Regad <dregad () mantisbt org>
Date: Fri, 12 Sep 2014 14:03:37 +0000 (UTC)
Greetings,

Matthew Daley reported a Null byte poisoning issue with LDAP authentication affecting MantisBT <= 1.2.17. A malicious user can exploit this vulnerability to login as any registered user and without knowing their password, to systems relying on LDAP for user authentication (e.g. Active Directory or OpenLDAP with "allow bind_anon_cred").

Patches are available in [1]; full details on the original issue report can be found at [2].

Can you please assign a CVE ID to this issue?

Thank you

D. Regad
MantisBT Developer
http://mantisbt.org/

[1] http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
    http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
[2] http://www.mantisbt.org/bugs/view.php?id=17640
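The defensive check behind this class of bug, as an added illustration that is not MantisBT's own code (MantisBT is PHP; the linked commits contain the real fix): LDAP client libraries built on C strings stop reading a password at the first NUL byte, so a password of "\0..." reaches the server as an empty credential, which servers configured to allow anonymous binds accept as a successful, unauthenticated bind. The model bind function below is a constructed stand-in for such a server, used only to show why the pre-bind validation is needed; `safe_bind`, `check_bind_password` and the example DN are assumed names.

```python
from typing import Callable, Optional

def check_bind_password(password: object) -> Optional[str]:
    """Return a rejection reason, or None if the credential may be passed to an LDAP bind.

    Two failure modes are covered:
      * an empty password asks the server for an anonymous bind, which some
        directories (e.g. OpenLDAP with "allow bind_anon_cred") accept;
      * an embedded NUL truncates the password inside C-string based client
        libraries, so "\\0junk" silently degrades into the empty case above.
    """
    if not isinstance(password, str):
        return "password must be a string"
    if password == "":
        return "empty password would request an anonymous bind"
    if "\0" in password:
        return "password contains a NUL byte"
    return None

def safe_bind(bind: Callable[[str, str], bool], user_dn: str, password: str) -> bool:
    """Validate the credential first, then delegate to the real bind routine.

    `bind` is any callable with the shape (dn, password) -> bool; in production it
    would wrap the directory client's bind call. Rejected input never reaches it.
    """
    if check_bind_password(password) is not None:
        return False
    return bind(user_dn, password)

# Constructed model of a vulnerable setup: a C-string client (truncate at NUL)
# talking to a directory that permits anonymous binds. Not a real LDAP client.
_MODEL_DIRECTORY = {"uid=alice,dc=example,dc=org": "s3cret"}  # constructed sample

def model_bind(user_dn: str, password: str) -> bool:
    as_seen_by_client = password.split("\0", 1)[0]   # C-string truncation
    if as_seen_by_client == "":
        return True                                   # anonymous bind accepted
    return _MODEL_DIRECTORY.get(user_dn) == as_seen_by_client
```

Run against the model, `model_bind` accepts "\0anything" for any DN while `safe_bind` refuses it before the directory is ever contacted; the same validation belongs in front of every bind path, not only the login form.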