Auth bypass in Fedoraproject Sssd
CVE-2010-2940
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authent…
Vulnerability class: Broken Authentication
EPSS: 0.021 (78.9th percentile)
Affected products
- Fedoraproject Sssd — versions 1.3.0
References
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)