Neuvector: >> Neuvector Security Vulnerabilities
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).
CVSS Score
9.8
EPSS Score
0.005
Published
2019-12-20