CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-2940

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.6%

CVSS Severity

CVSS v2 Score 5.1

References

http://secunia.com/advisories/41159
https://bugzilla.redhat.com/show_bug.cgi?id=625189
https://exchange.xforce.ibmcloud.com/vulnerabilities/61399
http://secunia.com/advisories/41159
https://bugzilla.redhat.com/show_bug.cgi?id=625189
https://exchange.xforce.ibmcloud.com/vulnerabilities/61399

Products affected by CVE-2010-2940

Fedoraproject » Sssd » Version: 1.3.0

cpe:2.3:a:fedoraproject:sssd:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-2940

Products

Pricing

Contact Us