CVE-2014-8763
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
22/10/2014
Last modified:
12/04/2025
Description
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:* | 2014-05-05a (including) | |
| cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://advisories.mageia.org/MGASA-2014-0438.html
- http://secunia.com/advisories/61983
- http://www.debian.org/security/2014/dsa-3059
- http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
- http://www.openwall.com/lists/oss-security/2014/10/13/3
- http://www.openwall.com/lists/oss-security/2014/10/16/9
- https://github.com/splitbrain/dokuwiki/pull/868
- http://advisories.mageia.org/MGASA-2014-0438.html
- http://secunia.com/advisories/61983
- http://www.debian.org/security/2014/dsa-3059
- http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
- http://www.openwall.com/lists/oss-security/2014/10/13/3
- http://www.openwall.com/lists/oss-security/2014/10/16/9
- https://github.com/splitbrain/dokuwiki/pull/868