CVE-2014-8764

EUVD-2014-8595
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
mageia_projectmageia
3.0
mageia_projectmageia
4.0
dokuwikidokuwiki
𝑥
≤ 2013-12-08
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bookworm
0.0.20220731.a-2
fixed
bullseye
0.0.20180422.a-2.1
fixed
jessie
not-affected
sid
0.0.20220731.a-3
fixed
trixie
0.0.20220731.a-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
ignored
precise
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://github.com/splitbrain/dokuwiki/pull/868
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://github.com/splitbrain/dokuwiki/pull/868