Auth bypass in Dokuwiki

CVE-2014-8763

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated…

Vulnerability class: Broken Authentication

EPSS: 0.011 (77.9th percentile) — read the EPSS interpretation.

Affected products

Dokuwiki
Mageia_project Mageia — versions 3.0, 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication (mailing-list, x_refsource_MLIST)
61983 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20141013 CVE request: various security flaws in dokuwiki (mailing-list, x_refsource_MLIST)
[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki (mailing-list, x_refsource_MLIST)
DSA-3059 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)