漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
RT: LDAP authentication bypass via empty password
Vulnerability Description
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Request Tracker 授权问题漏洞
Vulnerability Description
Request Tracker是Request Tracker公司的一个问题和工单跟踪系统。 Request Tracker 5.0.9及之前版本和6.0.0版本至6.0.2版本存在授权问题漏洞,该漏洞源于使用LDAP/AD进行用户身份验证的RT安装中存在身份验证绕过,可能导致攻击者在特定LDAP服务器配置下无需有效凭据即可进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A